Prerequisites
- VMware Trunk Port Group is supported from ACI version 2.1
- VMM integration must be configured properly
- ASA device package must be uploaded to APIC
- ASAv version must be compatible with ACI and device package version
Configuration
- Create trunk port group
- Create L4-L7 device
- Enable Trunk Port Group on your L4-L7 device
- Create your L4-L7 template
- Enable "Trunk Port Group" in your L4-L7 device
- Connect your ASAv VM to the VMM created Trunk Port Group
-
Create L4-L7 template
-
Apply L4-L7 template
Verification
diqiu-asav# show int ip br
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 unassigned YES unset up up
GigabitEthernet0/0.2669 10.1.1.1 YES manual up up
GigabitEthernet0/0.2670 10.1.2.1 YES manual up up
GigabitEthernet0/1 unassigned YES unset administratively down down
GigabitEthernet0/2 unassigned YES unset administratively down up
GigabitEthernet0/3 unassigned YES unset administratively down up
GigabitEthernet0/4 unassigned YES unset administratively down up
GigabitEthernet0/5 unassigned YES unset administratively down up
GigabitEthernet0/6 unassigned YES unset administratively down up
GigabitEthernet0/7 unassigned YES unset administratively down up
GigabitEthernet0/8 unassigned YES unset administratively down up
Management0/0 10.66.80.54 YES manual up up
The sub-interfaces would be automatically created without additional efforts in the parameters section.
Also the VLANs are automatically allocated from the VMM domain.
We can also check if the VLANs are trunked in the port-group
In the below example:
vlan-2670 is allocated to inside shadow EPG (you won't be able to see this in APIC, that's why it's called "shadow")
vlan-2669 is allocated to outside shadow EPG
vlan-2334 is allocated to db EPG (real EPG)
vlan-2667 is allocated to web EPG
vlan-2670 and vlan-2334 belong to same BD, db.
vlan-2669 and vlan-2667 belong to another BD, web.
And the trunk port group is going to allow all these VLANs.