INLAB 3 Create & Configure Access Policies & vPC
LAB 3 Create & Configure Access Policies & vPC
Task :
In this lab exercise, you will configure an access policy for your hypervisor.
- You will configure three pairs of interface and switch profiles.
- The first pair (LEAF101_IFP and LEAF101_SWP) will serve access interfaces on leaf-a,
- the second pair (LEAF102_IFP and LEAF102_SWP) access interfaces on leaf-b.
- The third pair (LEAF101-102_IFP and LEAF101-102_SWP) will cover vPC interfaces attached to leaf-a and leaf-b.
Go to Fabric > Access Policies > Interfaces > Leaf Interfaces, right-click the Profiles menu and choose Create Leaf Interface Profile.
Choosing the Create Leaf Interface Profile, starts the configuration of an interface profile for access interfaces on an individual leaf (as opposed to vPC interfaces attached to both leaves).
Enter the interface profile name LEAF101_IFP and click Submit. The interface profile will act as a container for all access connections on leaf-a. Later you will add interface selectors to specify the interface IDs for those connections.
In the same menu, configure an interface profile LEAF102_IFP for the access interfaces on leaf-b. Click Submit.
In the same menu, configure an interface profile LEAF101-102_IFP for the vPC on both leaves. Click Submit.
In Fabric > Access Policies > Switches > Leaf Switches, right-click Profiles, and choose Create Leaf Profile.
Choosing the Create Leaf Profile, starts the configuration of a leaf profile, also known as switch profile. The first profile will identify leaf-a.
Enter the switch profile name LEAF101_SWP and click the plus sign (+) to add a leaf selector. Enter LEAF101 as the switch selector name. From the drop-down menu of the Blocks column, choose leaf-a.
Continue the switch profile LEAF101_SWP configuration by clicking anywhere outside of the Blocks window. Then click Update without defining any policy group. Click Next in the lower right corner.
Associate the switch profile with the interface profile LEAF101_IFP (for leaf-a access interfaces) and click Finish.
In the same menu, right-click Profiles and choose Create Leaf Profile. Enter the leaf profile name LEAF102_SWP to identify leaf-b. Click the plus sign (+) to configure a leaf selector LEAF102. From the drop-down menu of the Blocks column, choose the second leaf. Click anywhere outside of the Blocks window. Then click Update without defining any policy group and choose Next.
Associate the switch profile with the interface profile LEAF102_IFP (for leaf-b access interfaces) and click Finish.
In the same menu, right-click Profiles and choose Create Leaf Profile. Enter the leaf profile name LEAF101-102_SWP to identify both leaves. Click the plus sign (+) to configure a leaf selector LEAF101-102. From the drop-down menu of the Blocks column, choose both leaves. Click anywhere outside of the Blocks window. Then click Update without defining any policy group and choose Next.
Associate the switch profile with the interface profile LEAF101-102_IFP (for vPC interfaces) and click Finish.
Configure vPC Pair
A vPC domain is associated with a vPC security policy. The vPC security policy defines the leaf switches that belong to the vPC domain. You will review the default vPC domain, and add both leaf switches to the vPC security policy.

Please login here to comment.