In the event that my entire data centre were to shut-down, is it recommended that the VLANs for AD, vCentre, vCentre DB be configured as System VLANs so that when everything powers up the VEM modules can actually communicate with these systems in order to get their configs? I am aware that the system vlans pretty much negate any security applied to them however was looking to see the best practice.
Yeah it wouldn't be a bad idea. Just make sure to add the system vlan to the eth and veth port-profiles.
And remember you can only have 32 port-profiles with the system vlan command in them.
Also understand that when the VSM is not available to program the VEMs and a system vlan is present on the port-profiles that it is only basic connectivity that is allowed. No higher level features like ACLs or QOS will be working.
Let us know if you need more classification. You can also play with the concept if you want by building a small lab environment. The great thing about the N1KV is it does work on a nested ESXi environment so you can build an entire lab on one host.
This document will provide screenshots to outline the steps to setup
TACACS+ configuration to ACI and also the configuration required on
Cisco ACS server. Please find the official Cisco guide for configuring
TACACS+ Authentication to ACI:
Is it supported or NOT supported? It's a frequently asked question.
Before APIC, release 2.3(1f), transit routing was not supported within a
single L3Out profile. In APIC, release 2.3(1f) and later, you can
configure transit routing with a single L3Out pr...
Cisco Documents are usually accurate, but when it came to the document
on Cisco APIC Signature-Based Transactions it was slightly off the mark.
This document is for those novices to API like me who cant seem to
figure out how to go about performing signat...