Interface Policies

Access Policies

The first step in configuring the integration is setting up the access policies of the ACI fabric for the uplink interfaces of the compute hosts. So what is the purpose of access policies in ACI?

Access policies in ACI are the mechanism that defines how a port is going to behave. In access policies you define parameters such as speed (1GB, 10GB, 25GB, 40GB, 50GB, 100GB, etc.), link aggregation protocol, Spanning Tree Protocol, CDP or LLDP, and others.

Under access policies we also create some constructs that are unique to ACI. These are the AEP (Attachable Entity Profile), VLAN Pools and Domains. All three must be understood for the ACI fabric to function.

A good way to think about these constructs is as follows:

  • Domains
    You can think of these as giving the ACI fabric the "how" it needs to attach a device into the fabric. There are four distinct domains in the fabric: Physical Domains, External Bridge Domains, External Routed Domains and VMM Domains.
    • Physical Domains
      Generally used for bare metal servers without any VMM integration
    • External Bridge Domains
      These are used for Layer2 external connectivity and are not very popular.
    • External Routed Domains
      These are used for Layer3 external routed domains and are required for all ACI Layer3 external connections
    • VMM Domains
      These are built by integration tools and provide a linkage between an external VMM domain and the fabric policies that govern how to connect to it.
  • VLAN Pools
    These tell the ACI fabric which VLAN-tagged packets will arrive on specific ports. VLANs in ACI are used as a classifier into an EPG, so the fabric needs to know which VLANs to expect on a port. Think of this as switchport trunk allowed vlan [range].
  • AEP (Attachable Entity Profile)
    Think of the AEP as the connection between what an interface configuration can do and the role it will take (physical server, VMM port) in the ACI fabric. This is important for various reasons. For example, in a VMM domain endpoints move from port to port due to VM mobility, but they are static on bare metal physical servers.

In the next steps you will define a series of Access Policies that will connect your physical server to the ACI fabric. The policies you are going to build are unique to your POD in this lab, to make sure changes don't affect other students.

For this lab we ask you to be cautious when working with the policies to ensure you don't affect other student labs.

Lab Topology

For this lab you will have one physical server connected to a real ACI fabric. Each physical server will be connected through a link-aggregated BOND interface for redundancy.

Step 1 - Connect to ACI fabric

You will need to point the browser in your VNC session to the APIC in this lab. Using the same Chrome browser that you are using to read this guide, go to the URL: Your POD APIC at

The credentials for this APIC are:

  • User ID: acik8spod09
  • Password: cisco.123

In this section it is very important to follow the naming convention. You can still copy and paste or type the names on the APIC.

Step 2 - Create Attachable Entity Profile

In the ACI fabric, go to Access Policies in the menu.

The AEP will be named: k8s_pod09_aep

Step 3 - Create Interface Policy Group

The interface policy group will be named: k8s_pod09_pg. Select the options for the link level, cdp, mcp, lldp and l2 learn policies, and for the AEP.

Then click Submit.

Step 4 - Create Interface Profile

The Leaf Interface Profile will be named: k8s_pod09_int_profile

  • The Port Selector will be named: k8s_pod09_access_port
  • The interface ID will be: 1/9
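
The objects from Steps 2-4 expressed in the APIC object model, with a check that every name and relation target stays inside the pod's prefix so that a change cannot reference another student's policies. This is an added example, not part of the original lab guide; the class names are APIC object-model classes, while the choice of infraAccPortGrp, the port block name block1 and the helper function names are assumptions.

```python
import json

POD = "k8s_pod09"  # naming prefix used throughout the lab steps
# Containers and the port block are not named per pod, so the name check skips them.
UNSCOPED = {"infraInfra", "infraFuncP", "infraPortBlk"}

def mo(cls, children=(), **attrs):
    """Build one managed object in the APIC JSON layout."""
    return {cls: {"attributes": attrs, "children": list(children)}}

def build_access_policies(pod=POD, card="1", port="9"):
    """Object tree for Steps 2-4: AEP, policy group, interface profile."""
    aep = mo("infraAttEntityP", name=f"{pod}_aep")
    # Assumption: plain access port group; a bundled uplink would use infraAccBndlGrp.
    group = mo("infraAccPortGrp", name=f"{pod}_pg", children=[
        mo("infraRsAttEntP", tDn=f"uni/infra/attentp-{pod}_aep")])
    selector = mo("infraHPortS", name=f"{pod}_access_port", type="range", children=[
        mo("infraPortBlk", name="block1", fromCard=card, toCard=card,
           fromPort=port, toPort=port),  # block name is a constructed value
        mo("infraRsAccBaseGrp", tDn=f"uni/infra/funcprof/accportgrp-{pod}_pg")])
    profile = mo("infraAccPortP", name=f"{pod}_int_profile", children=[selector])
    return mo("infraInfra", children=[aep, mo("infraFuncP", children=[group]), profile])

def out_of_scope(node, pod=POD):
    """List every object name or relation target outside the pod's prefix."""
    (cls, body), = node.items()
    attrs, found = body["attributes"], []
    if "tDn" in attrs:
        # Last DN component looks like "attentp-<name>"; compare the name part.
        target = attrs["tDn"].rsplit("/", 1)[-1].split("-", 1)[-1]
        if not target.startswith(pod + "_"):
            found.append(f"{cls} -> {attrs['tDn']}")
    elif cls not in UNSCOPED and not attrs.get("name", "").startswith(pod + "_"):
        found.append(f"{cls} name={attrs.get('name')!r}")
    for child in body["children"]:
        found += out_of_scope(child, pod)
    return found

if __name__ == "__main__":
    tree = build_access_policies()
    problems = out_of_scope(tree)
    print(json.dumps(tree, indent=2) if not problems else problems)
```

Running the check before submitting a change catches a mistyped pod number in a name or in a relation target, which on a shared fabric would otherwise attach your port to someone else's AEP or policy group.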