Secure Datacenter Architecture (colo); Enterprise VLANing and IP management
In the beginning stages of a datacenter migration, I am trying to uncover best methods for deploying a large scale datacenter in a secure Layer 2 and 3 environment.
The end goal here is to achieve not only broadcast domain segregation, but also IP address control and management, all while trying to minimize administrative and technical overhead.
The existing network is built on 5505, 3550 and 2950 edge aggregation switches, terminated on a 6506 core switch.
The existing infrastructure includes more than 2000 individual servers and growing rapidly; this design must be scalable (with obvious network growth) into the tens of thousands of servers.
I have reviewed a number of methods to achieve this, the most appealing (for IP utilization) seems to be Cisco's pVLAN implementations with IP access lists to prevent malicious or inadvertant IP theft. Unfortunately, according to the Cisco docs I've read, this feature is not supported in the 5500 series devices, or fully in many of the lower level devices mentioned above.
If anybody can point me in the right direction for existing or proposed solutions, ideally utilizing this infrastructure, and minimizing system load and administration, I would greatly appreciate it.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...