cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
1173
Views
10
Helpful
0
Comments
Dick Qiu
Level 1
Level 1

Prerequisites

  1. VMware Trunk Port Group is supported from ACI version 2.1
  2. VMM integration must be configured properly
  3. ASA device package must be uploaded to APIC
  4. ASAv version must be compatible with ACI and device package version

Configuration

  •  Create trunk port groupcreate_trunk_port_group.png

 

  • Create L4-L7 devicecreate_l4l7_device.png
  • Enable Trunk Port Group on your L4-L7 devicel4l7_device_tick_tpg.png
  • Create your L4-L7 templatecreate_l4l7_device.png
  • Enable "Trunk Port Group" in your L4-L7 devicel4l7_device_tick_tpg.png
  • Connect your ASAv VM to the VMM created Trunk Port Groupconnect_vm_to_tpg.pngtrunk_port_group.png
  • Create L4-L7 templatel4l7_template_1.png

     

    l4l7_template_2.png

     

     

  • Apply L4-L7 template 

     

    apply_template_1.pngapply_template_2.png

      

     

    apply_template_3.png

     

 

 

Verification

 

diqiu-asav# show int ip br
Interface                  IP-Address      OK? Method Status                Protocol
GigabitEthernet0/0         unassigned      YES unset  up                    up
GigabitEthernet0/0.2669    10.1.1.1        YES manual up                    up
GigabitEthernet0/0.2670    10.1.2.1        YES manual up                    up
GigabitEthernet0/1         unassigned      YES unset  administratively down down
GigabitEthernet0/2         unassigned      YES unset  administratively down up
GigabitEthernet0/3         unassigned      YES unset  administratively down up
GigabitEthernet0/4         unassigned      YES unset  administratively down up
GigabitEthernet0/5         unassigned      YES unset  administratively down up
GigabitEthernet0/6         unassigned      YES unset  administratively down up
GigabitEthernet0/7         unassigned      YES unset  administratively down up
GigabitEthernet0/8         unassigned      YES unset  administratively down up
Management0/0              10.66.80.54     YES manual up                    up

The sub-interfaces would be automatically created without additional efforts in the parameters section.

Also the VLANs are automatically allocated from the VMM domain.

 

We can also check if the VLANs are trunked in the port-group

In the below example:

vlan-2670 is allocated to inside shadow EPG (you won't be able to see this in APIC, that's why it's called "shadow")

vlan-2669 is allocated to outside shadow EPG

vlan-2334 is allocated to db EPG (real EPG)

vlan-2667 is allocated to web EPG

 

vlan-2670 and vlan-2334 belong to same BD, db.

vlan-2669 and vlan-2667 belong to another BD, web.

 

And the trunk port group is going to allow all these VLANs.

 

verify_tpg.png

 

 

Getting Started

Find answers to your questions by entering keywords or phrases in the Search bar above. New here? Use these resources to familiarize yourself with the community: