Step 1
|
Log in to your Nexus Dashboard and open the Nexus Dashboard Orchestrator service.
|
Step 2
|
Create a new Fabric Policy template.
-
From the left navigation pane, choose .
-
On the Fabric Policy Templates page, click Add Fabric Policy Template.
-
In the Fabric Policies page's right properties sidebar, provide the Name for the template.
By default, the new template is empty, so you need to add one or more fabric policies as described in the following steps.
Note that you don't have to create every policy available in the template – you can define one or more policies of each type
to deploy along with this template. If you don't want to create a specific policy, simply skip the step that describes it.
|
Step 3
|
Assign the template to one or more sites.
The process for assigning Tenant Policy templates to sites is identical to how you assign application templates to sites.
-
In the Template Properties view, click Actions and choose Sites Association.
The Associate Sites to <template-name> window opens.
-
In the Associate Sites window, check the checkbox next to the sites where you want to deploy the template.
Note that only the on-premises ACI sites support tenant policy templates and will be available for assignment.
-
Click Ok to save.
|
Step 4
|
Create a VLAN Pool.
A VLAN pool specifies the VLAN IDs or ranges used for VLAN encapsulation that the physical or VMM domains consume.
-
From the +Create Object dropdown, select VLAN Pool.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Click +Add VLAN Range, provide the range, and click the checkmark icon to save it.
-
Repeat the previous substep to create any additional VLAN ranges within the same policy.
-
Repeat this step to create any additional VLAN pools.
|
Step 5
|
Create a Physical Domain.
Physical domain profiles are typically used for bare metal server attachment and management access. A domain is configured
to be associated with a VLAN pool. EPGs are then configured to use the VLANs associated with a domain.
-
From the +Create Object dropdown, select Physical Domain.
-
In the right properties sidebar, provide the Name for the domain.
-
(Optional) Click Add Description and provide a description for the policy.
-
Click Select a VLAN Pool Policy and choose one of the VLAN pools for this domain.
The VLAN pool must be already created as described in Step 3.
-
Repeat this step to create any additional Physical Domains.
|
Step 6
|
Create an L3 Domain.
An L3 Domain profile is a policy for managing the physical infrastructure, such as ports and VLANs, that can be used to connect
the ACI fabric to a Layer 3 routed outside network.
-
From the +Create Object dropdown, select L3 Domains.
-
In the right properties sidebar, provide the Name for the domain.
-
(Optional) Click Add Description and provide a description for the policy.
-
(Optional) Click Select a VLAN Pool Policy and choose one of the VLAN pools for this domain.
If you plan to use point-to-point routed interfaces, no VLAN Pool is necessary and you can skip this step.
However, if you configure sub-interfaces or SVIs, you must provide the required VLANs by adding a VLAN Pool. In this case,
the VLAN pool must be already created as described in Step 3.
-
Repeat this step to create any additional L3 Domains.
|
Step 7
|
Create a SyncE Interface Policy.
With Ethernet equipment gradually replacing Synchronous Optical Networking (SONET) and Synchronous Digital Hierarchy (SDH)
equipment in service-provider networks, frequency synchronization is required to provide high-quality clock synchronization
over Ethernet ports. Frequency or timing synchronization is the ability to distribute precision frequency around a network.
Synchronous Ethernet (SyncE) provides the required synchronization at the physical level. In SyncE, Ethernet links are synchronized
by timing their bit clocks from high-quality, stratum-1-traceable clock signals in the same manner as SONET/SDH.
For detailed information on SyncE in ACI fabrics, see the "Synchronous Ethernet (SyncE)" chapter of the Cisco APIC System Management Configuration Guidefor your release.
-
From the +Create Object dropdown, select SyncE Interface Policy.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Admin State – Enables or disables the policy.
Default is disabled .
-
Sync State Msg – If unchecked, disables sending ESMC packets and also ignores any received ESMC packets.
-
Selection Input – Enables configuration of the priority of the frequency source on an interface.
-
Src Priority – The priority of the frequency source on an interface. This value is used in the clock-selection algorithm to choose between
two sources that have the same QL.
Values can range from 1 (highest priority) to 254 (lowest priority). The default value is 100.
Can be configured only if Selection Input is enabled.
-
Wait To Restore – The wait-to-restore time, in minutes, is the amount of time after the interface comes up before it is used for frequency
synchronization on an interface. Values can range from 0 to 12 minutes. The default value is 5.
Can be configured only if Selection Input is enabled.
-
Repeat this step to create any additional SyncE Interface policies.
|
Step 8
|
Create an Interface Settings policy.
If you want to configure SyncE or MACsec for this interface, you must have those policies already created as described in
corresponding steps.
An interface settings policy allows you to define a set of common interface settings which you can later deploy to one or
more ports on one or more switches for consistent configuration across them.
-
From the +Create Object dropdown, select Interface Settings.
-
Choose the Type of the interface you are configuring.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Speed – The data transfer rate for the port. This should match the destination to which the port is linked. The speed can be changed
only for certain ports, and not all speeds are available on all systems. For more information, see the Hardware Installation
Guide for your specific switch node.
-
Auto-Negotiation – Enables autonegotiation for port.
-
VLAN Scope – The Layer 2 Interface VLAN scope.
Global scope – Sets the VLAN encapsulation value to map only to a single EPG per leaf.
Port Local scope – Allows allocation of separate (port, VLAN) translation entries in both ingress and egress directions. This configuration
is not valid when the EPGs belong to a single bridge domain.
-
CDP Admin State – Enables Cisco Discovery Protocol (CDP) on the interface.
-
LLDP – Enables Link Layer Discovery Protocol (LLDP) on the interface
-
MCP Admin State – Enables MisCabling Protocol (MCP) on the interface.
-
Domains – Choose one or more domains with which you want to associate this interface policy.
Specifying a domain is not mandatory, the interface policy can be created and deployed to sites without an associated domain.
-
Advanced Settings – Click the arrow next to this section to expand.
-
SyncE – If you want have a SyncE policy defined and want to assign it to this interface settings policy, select it from the dropdown.
-
Debounce Interval – The port debounce time is the amount of time that an interface waits to notify the supervisor of a link going down. During
this time, the interface waits to see if the link comes back up.
-
Bring Up Delay – Specifies a time in milliseconds that the decision feedback equalizer (DFE) tuning is delayed when a port is coming up.
The delay is used to help avoid CRC errors during link bringup when using some third-party adapters.
You should set the delay only as required; in most cases, you do not need to set a delay.
-
FEC – Forwarding Error Correction (FEC) is a method of obtaining error control in data transmission over an unreliable or noisy
channel in which the source (transmitter) encodes the data in a redundant way using Error Correcting Code and the destination
(receiver) recognizes it and corrects the errors without needing a retransmission.
-
QinQ – Enables mapping double-tagged VLAN traffic ingressing on a regular interface, PC, or vPC to an EPG. When this feature is
enabled and double-tagged traffic enters the network for an EPG, both tags are processed individually in the fabric and restored
to double-tags when egressing the ACI switch. Ingressing single-tagged and untagged traffic is dropped.
-
Reflective Relay – Forwards all traffic to an external switch, which then applies policy and sends the traffic back to the destination or
target VM on the server as needed. There is no local switching. For broadcast or multicast traffic, reflective relay provides
packet replication to each VM locally on the server.
One benefit of reflective relay is that it leverages the external switch for switching features and management capabilities,
freeing server resources to support the VMs. Reflective relay also allows policies that you configure on the Cisco APIC to
apply to traffic between the VMs on the same server.
In the Cisco ACI, you can enable reflective relay, which allows traffic to turn back out of the same port it came in on. You
can enable reflective relay on individual ports, port channels, or virtual port channels as a Layer 2 interface policy.
The default value is disabled.
-
LLDP Transmit State – Allows Link Layer Discovery Protocol (LLDP) packets to be sent from the interface.
LLDP Receive/Transmit State flags can be configured only if LLDP is globally enabled in the Interface policy.
-
LLDP Receive State – Allows LLDP packets to be received by the interface.
-
BPDU Filter – Bridge Protocol Data Unit (BPDU) filter filters out any BPDUs on the port.
BPDU filter prevents both inbound and outbound BPDUs – the received BPDUs are dropped and no BPDUs are sent out.
-
BPDU Guard – BPDU guard prevents the port from receiving BPDUs; if any BPDUs are received on the port, the port is put into errdisable mode.
-
LLFC Transmit State – Allows Link Level Flow Control (LLFC) packets to be sent from the interface.
-
LLFC Receive State – Allows LLFC packets to be received by the interface.
-
Access MACsec Policy – If you want have an access MACsec policy defined and want to assign it to this interface settings policy, select it from
the dropdown.
-
Repeat this step to create any additional Interface Settings policies.
|
Step 9
|
Create a Node Settings policy.
A node settings policy allows you to define a set of common node settings which you can later deploy to one or more switches
for consistent configuration across them.
In this release, the Node Settings policy supports enabling SyncE and PTP functionalities.
-
From the +Create Object dropdown, select Node Settings.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
If you want to deploy SyncE configuration to the nodes, enable SyncE and provide the settings.
For detailed information about SyncE, see the "Synchronous Ethernet (SyncE)" chapter of the Cisco APIC System Management Configuration Guide for your release.
-
Admin State – Enables or disables the policy.
-
Quality Level Option – Specifies the accuracy of the clock. This information is transmitted across the network using SSMs carried by ESMC and
is used to determine the best available source to which the devices in the system can synchronize.
-
If you want to deploy PTP configuration to the nodes, enable PTP and provide the settings.
-
Repeat this step to create any additional Node Settings policies.
|
Step 10
|
Create a Pod Settings policy.
Before you can create a Pod settings policy, you must have an NTP policy already created for it as described in the corresponding
step.
If you want to configure a Pod-wide MACsec policy, you must have a MACsec policy already created as described in the corresponding
steps.
A Pod settings policy allows you to define a set of common Pod settings which you can later deploy to one or more Pods in
your fabric for consistent configuration across them.
-
From the +Create Object dropdown, select Pod Settings.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Click Select a NTP Policy and choose the NTP policy.
-
From the Fabric MACsec Policy dropdown, select the MACsec policy.
-
Repeat this step to create any additional Pod Settings policies.
|
Step 11
|
Create a MACsec policy.
MACsec provides MAC-layer encryption over wired networks by using out-of-band methods for encryption keying. The MACsec Key
Agreement (MKA) Protocol provides the required session keys and manages the required encryption keys.
For detailed information on MACsec in ACI fabrics, see the "MACsec" chapter of the Cisco APIC System Management Configuration Guide for your release.
-
From the +Create Object dropdown, select MACsec.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Type – Defines the type of the interfaces this policy will be applied to.
All of the links on a spine switch are considered to be fabric links. However, if a spine switch link is used for IPN connectivity,
then this link will be treated as an access link. This means that a MACsec access policy must be used to deploy MACsec on
these links.
-
Admin State – Enables or disables the policy.
-
Cipher Suite – When selecting the cipher suite AES 128 or AES 256 without Extended Packet Numbering (XPN), you must explicitly specify
the Security Association Key (SAK) expiry time. Leaving the SAK expiry time value at the default ("disabled") can cause interfaces
to go out of service randomly.
-
Window Size – A replay window is necessary to support the use of MACsec over provider networks that reorder frames. Frames within the
window can be received out of order, but are not replay protected. The default window size is 64. The replay window size can
be configured in the range of 0 to 232-1 if you use the Cisco APIC GUI or CLI. If you use a XPN cipher suite, the maximum replay window size is 230-1, and if you configure a higher window size, the window size gets restricted to 230-1. If you change the cipher suite to a non-XPN cipher suite, then there is no restriction and the configured window size is
used.
-
Security Policy – APIC MACsec supports two security modes. The MACsec Must-Secure only allows encrypted traffic on the link while the Should-Secure allows both clear and encrypted traffic on the link. For example, a port can turn on MACsec in Must-Secure mode before its peer has received its keychain resulting in the link going down. To address this issue, the recommendation
is to deploy MACsec in Should-Secure mode and once all the links are up then change the security mode to Must-Secure .
Note
|
Before deploying MACsec in Must-Secure mode, the keychain must be deployed on the affected interface or the interface will go down.
|
-
SAK Expiry Time – When selecting the cipher suite AES 128 or AES 256 without Extended Packet Numbzring (XPN), you must explicitly specify
the Security Association Key (SAK) expiry time. Leaving the SAK expiry time value at the default can cause interfaces to go
out of service randomly.
-
Key Name – Allows you to create a MACsec key. APIC is responsible for the MACsec keychain distribution to all the nodes in a Pod or
to particular ports on a node.
-
Click +Add MACsec Key.
-
Provide the Key Name.
-
Provide the pre-shared key in the PSK field.
-
In the Start Time field, provide the date for the key to become valid.
-
In the End Time field, provide the date for the key to expire.
-
Click Ok to save the key.
-
Repeat the steps for any additional keys you want to provide.
-
Repeat this step to create any additional MACsec policies.
|
Step 12
|
Create an NTP Settings Policy.
Within the ACI fabric, time synchronization is a crucial capability upon which many of the monitoring, operational, and troubleshooting
tasks depend. Clock synchronization is important for proper analysis of traffic flows as well as for correlating debug and
fault time stamps across multiple fabric nodes.
For detailed information on NTP in ACI fabrics, see the "Provisioning Core ACI Fabric Services" chapter of the Cisco APIC Basic Configuration Guidefor your release.
-
From the +Create Object dropdown, select NTP Settings.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Click +Add Key to provide the NTP client authentication key.
-
Advanced Settings – Click the arrow next to this section to expand.
-
Admin State – Enables or disables the NTP policy.
-
Server State – Enables the ACI leaf switches to act as NTP servers to provide NTP information to downstream clients.
When enabled, the downstream clients can use the in-band/out-of-band management IP address of the leaf switch to which they
are connected as the NTP server.
-
Master Mode – Enables the designated NTP server to provide undisciplined local clock time to downstream clients with a configured stratum
number. For example, a leaf switch that is acting as the NTP server can provide undisciplined local clock time to leaf switches
acting as clients. This is only applicable when the server clock is undisciplined.
-
Stratum – Specifies the stratum level from which NTP clients will get their time synchronized.
If the Server State option is enabled and clients connected to an ACI leaf switch are configured to use the switch's management IP address as
NTP server, they will receive NTP information with stratum+1.
The range is from 1 to 14.
-
Authentication State – Enables certificate-based authentication.
If you enable this option, you must provide the key using the +Add Key option above.
-
Click +Add Provider to specify the NTP server information.
In the Add Provider window that opens, you must provide the server's Host name / IP Address, the name of the Management EPG, and the Management EPG Type.
Note
|
The management EPG with the specific type that you choose must be already configured in the APICs of the sites with which
this template is associated.
|
If you are creating multiple providers, check the Preferred option for the most reliable NTP source.
-
Repeat this step to create any additional NTP Settings policies.
|
Step 13
|
Create a PTP Settings policy.
The Precision Time Protocol (PTP) is a time synchronization protocol for nodes distributed across a network. With PTP, you
can synchronize distributed clocks with an accuracy of less than 1 microsecond using Ethernet networks. PTP's accuracy comes
from the hardware support for PTP in the ACI fabric spine and leaf switches.
For detailed information on PTP in ACI fabrics, see the "Precision Time Protocol" chapter of the Cisco APIC System Management Configuration Guide for your release.
-
From the +Create Object dropdown, select PTP Settings.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Admin State – Enables or disables the policy.
-
Global Priority 1 – Specifies a value that is used when advertising this clock. Priority 1 overrides the default criteria (such as clock quality
and clock class) for best master clock selection.
Valid values are from 0 to 255. The default is 128. Lower values take precedence.
-
Global Priority 2 – Specifies a value that is used when advertising this clock. Priority 2 is used as a tie-breaker between two devices that
are otherwise equally matched in the default criteria.
Valid values are from 0 to 255. The default is 128. Lower values take precedence.
-
Global Domain – Specifies the PTP domain number. Although multiple PTP domains are not supported in Cisco ACI, you can still change the
domain number in use. The same value is used on all leaf and spine switches.
Valid values are from 0 to 128. The default is 0.
-
Fabric Profile Template – Specifies the PTP profile that defines the default values for the interval settings below. Profiles are used to define
various parameters that are optimized for different use cases of PTP. Some of those parameters include, but not limited to,
the appropriate range of PTP message intervals and the PTP transport protocols. A PTP profile is defined by many organizations/standards
in different industries.
-
AES67-2015: AES67-2015, which is the standard for audio over Ethernet and audio over IP interoperability.
-
Default: IEEE 1588-2008, which is the default PTP profile for clock synchronization.
-
SMPTE-2059-2: SMTPE ST2059-2015, which is the standard for video over IP.
-
Telecom-8275-1: ITU-T G.8275.1, which is the standard recommendation for telecommunications with Full Timing Support.
Full Timing Support is the term defined by ITU to describe a telecommunication network that can provide devices with PTP G.8275.1
profile on every hop. G.8275.2, which is not supported by ACI, is for Partial Timing Support that may have devices in the
path that do not support PTP.
-
Fabric Announce Interval – Specifies the logarithm of the mean interval in seconds with base 2 for a master port to send announce messages. The range
depends on the chosen profile.
-
Fabric Sync Interval – Specifies the logarithm of the mean interval in seconds with base 2 for a master port to send synchronization messages.
The range and the default depend on the chosen PTP profile.
-
Fabric Delay Interval – Specifies the logarithm of the mean interval in seconds with base 2 for a slave port to send delay request messages. The
range depends on the chosen PTP profile.
-
Fabric Announce Timeout – Specifies the number of announce messages that the system waits before the PTP announce message is considered expired.
The range and the default depend on the chosen PTP profile.
-
Advanced Settings – Click the arrow next to this section to expand.
how are profiles added here different from the one selected above?
-
Click +Add Profile to add a PTP profile. Profiles are used to define various parameters that are optimized for different use cases of PTP. Some
of those parameters include, but not limited to, the appropriate range of PTP message intervals and the PTP transport protocols.
A PTP profile is defined by many organizations/standards in different industries
-
In the Add Profile dialog, provide the Name.
-
From the Profile Template dropdown, select one of the available profiles.
Detailed information about the profiles is available in the Cisco APIC System Management Configuration Guide.
-
Update the default profile values as required by your specific use case.
-
Repeat this step to create any additional PTP Settings policies.
|
Step 14
|
Create a QoS DSCP policy.
This policy is part of the overarching QoS preservation across IPN use case. You can use the information in this section as
a reference, but we recommend following the full set of steps described in the QoS Preservation Across IPN chapter of the Features and Use Cases section of this document.
-
From the +Create Object dropdown, select QoS DSCP.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Provide policy details.
-
Admin State – Enables or disables the policy.
-
Advanced Settings – Click the arrow next to this section to expand.
Choose the DSCP value for each ACI QoS level. Each dropdown contains the default list of available DSCP values. You must choose
a unique DSCP value for each level.
-
Repeat this step to create any additional QoS DSCP policies.
Typically, we recommend applying this policy consistently across all sites that are part of your Multi-Site domain.
|
Step 15
|
Create a QoS SR-MPLS policy.
This policy is part of the overarching SR-MPLS use case. You can use the information in this section as a reference, but we
recommend following the full set of steps described in the Multi-Site and SR-MPLS L3Out Handoff chapter of the Features and Use Cases section of this document.
-
From the +Create Object dropdown, select QoS SR-MPLS.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Click +Add Ingress Rule to add an ingress QoS translation rule.
These rules are applied for traffic that is ingressing the ACI border leaf switches from an MPLS network and are used to map
incoming packet's experimental bits (EXP) values to ACI QoS levels, as well as to set differentiated services code point (DSCP)
and/or CoS values for the original traffic. To ensure that the specified CoS value is used for traffic egressing an ACI leaf
node, you must also configure CoS preservation feature as part of the "QoS Class Policies".
If a custom policy is not defined or not matched, default QoS Level (Level 3 ) is assigned.
-
In the Match EXP From and Match EXP To fields, specify the EXP range of the ingressing MPLS packet you want to match.
-
From the Queuing Priority dropdown, select the ACI QoS Level to map.
This is the QoS Level you want to assign for the traffic within ACI fabric, which ACI uses to prioritize the traffic within
the fabric. The options range from Level 1 to Level 6 . The default value is Level 3 . If you do not make a selection in this field, the traffic will automatically be assigned a Level 3 priority.
-
From the Set DSCP dropdown, select the DSCP value to assign to the traffic when it will be sent out of the destination ACI leaf switch.
The DSCP value specified is set in the original traffic received from the external network, so it will be re-exposed only
when the traffic is VXLAN decapsulated on the destination ACI leaf node.
If you set the value to Unspecified , the original DSCP value of the packet will be retained.
-
From the Set CoS dropdown, select the CoS value to assign to the traffic when it will be sent out of the destination ACI leaf switch.
The CoS value specified is set for traffic egressing the destination ACI leaf switch. This requires CoS preservation to be
enabled.
If you set the value to Unspecified , the original CoS value of the packet will be retained, but only if the CoS preservation option is enabled in the fabric.
For more information about CoS preservation, see Cisco APIC and QoS.
-
Click the checkmark icon to save the rule.
-
Repeat these steps for any additional ingress QoS policy rules within the same policy.
-
Click Add Egress Rule to add an egress QoS translation rule.
These rules are applied on the border leaf switches for the traffic that is leaving the ACI fabric via an MPLS L3Out and are
used to match the DSCP value of the packet and, if a match is found, set the MPLS EXP and CoS values based on the configured
policy.
If a custom policy is not defined or not matched, the default EXP value of 0 is marked on all labels. EXP values are marked in both, default and custom policy scenarios, and are done on all MPLS labels
in the packet.
Custom MPLS egress policy can override existing EPG, L3Out, and Contract QoS policies.
-
Using the Match DSCP From and Match DSCP To dropdowns, specify the DSCP range you want to match for assigning the egressing MPLS packet's priority.
-
From the Set MPLS EXP dropdown, select the EXP value you want to assign to the egressing MPLS packet.
-
From the Set CoS dropdown, select the CoS value you want to assign to the egressing MPLS packet.
-
Click the checkmark icon to save the rule.
-
Repeat these steps for any additional egress QoS policy rules.
-
Repeat this step to create any additional QoS SR-MPLS policies.
|
Step 16
|
Create a QoS Class Policies policy.
Cisco ACI provides a number of user-configurable QoS levels. Cisco APIC, Release 4.0(1) and later supports 6 user-configurable
QoS levels, while earlier releases supported 3. This step describes how to configure specific settings for each of these levels
using the Nexus Dashboard Orchestrator.
For detailed information about QoS functionality in ACI fabrics, see Cisco APIC and QoS.
The most common use case for these policies is to enable CoS preservation for traffic coming into your ACI fabric.
-
From the +Create Object dropdown, select QoS Class Policies.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
If necessary, enable Preserve CoS.
When traffic enters the ACI fabric, based on the configured QoS policy, each packet can be mapped to a ACI QoS level. These
QoS levels are then stored in the CoS field and DE bit of the packet's outer header while the original headers are discarded.
If you want to preserve the original CoS values of the ingressing packets and restore it when the packet leaves the fabric,
you can use this setting to enable the 802.1p Class of Service (CoS) preservation.
-
Click +Add Level to define configuration details for a specific QoS class.
The Add QoS Level Configuration windows opens.
-
In the Add QoS Level Configuration window, choose the QoS Level you want to configure and provide the configuration details.
-
MTU – The maximum transmission unit to be used for packets of this QoS class.
-
Minimum Buffer – The minimum number of reserved buffers. The number can be between 0 and 3.
The default value is 0.
-
Congestion Algorithm – The congestion algorithm used for this QoS Level.
-
Scheduling Algorithm – The scheduling algorithm used for this QoS Level.
-
Bandwidth Allocated – The percentage of total bandwidth allocated to this QoS Level. The value can be between 0 and 100.
The default value is 20.
-
PFC Admin State – The administrative state of the Priority Flow Control policy applied to FCoE traffic.
-
Admin State – Enables or disables the policy.
-
No Drop Cos – The CoS level to impose no drop FCoE packet handling even in case of FCoE traffic congestion.
-
PFC Scope – The Priority Flow Control (PFC) scope. Fabric-wide PFC for the entire fabric or IntraTor PFC for the spine switches only.
-
Repeat this step to create any additional QoS Class policies.
|
Step 17
|
Create an MCP Global Policy.
The mis-cabling protocol (MCP) is designed to handle misconfiguration that Link Layer Discovery Protocol (LLDP) and Spanning
Tree Protocol (STP) are unable to detect. MCP uses a Layer 2 packet to detect and disable ports that form loops in the external
infrastructure. You can use MCP packets to detect loops that involve the leaf switches and raise faults and events in the
fabric when that occurs. MCP can be enabled globally or per-interface. By default, MCP is disabled globally and is enabled
on each port, however you must enable MCP globally for it to function.
Note
|
If you configure and deploy an MCP global policy to one or more fabrics and then undeploy the template, the policy will remain
in the sites.
|
-
From the +Create Object dropdown, select MCP Global Policy.
Note that only a single MCP Global policy can be created.
-
In the right properties sidebar, provide the Name for the policy.
-
(Optional) Click Add Description and provide a description for the policy.
-
Enable Admin State to enable the policy.
-
Enable MCP PDU per VLAN.
This enables MCP to send packets on a per-EPG basis. If this option is disabled, the packets will only be sent on untagged
EPGs which allows detecting loops in the native VLAN only.
-
If you have enabled the Admin State, provide a Key to uniquely identify the MCP packets within the fabric.
-
If necessary, update the Loop Detect Multiplication Factor value.
This specifies the number of MCP packets that will be received by the ACI fabric before the Loop Protection Action occurs.
-
(Optional) Modify the additional MCP settings.
-
Initial Delay Time – the time before MCP starts taking action. From the system start until the Initial Delay Timer timeout, MCP will only create
a syslog entry if a loop is detected.
-
Transmission Frequency – the transmission frequency of the MCP packets.
|
Step 18
|
Click Save to save the changes you've made to the template.
|
Step 19
|
Click Deploy to deploy the template to the associated sites.
The process for deploying tenant policy templates is identical to how you deploy application templates.
If you have previously deployed this template but made no changes to it since, the Deploy summary will indicate that there are no changes and you can choose to re-deploy the entire template. In this case, you can
skip this step.
Otherwise, the Deploy to sites window will show you a summary of the configuration differences that will be deployed to sites. Note that in this case only
the difference in configuration is deployed to the sites. If you want to re-deploy the entire template, you must deploy once
to sync the differences and then redeploy again to push the entire configuration as described in the previous paragraph.
|