Cisco ACI IN-BAND MANAGEMENT Configuration [Step By Step]

Introduction:

Through this guide we will be going over how to configure In-Band management for ACI: APIC, Leafs, and Spine switches step by step. The objective is to allow endpoints outside of ACI fabric to access the APIC, leafs, and spines using their In-Band Management IPs.

Initial Setup:

ACI vesion 4.2(2i)

Topology:

I- CONFIGURING IN-BAND Fabric ACCESS POLICIES:

The first part of the In-Band Management configuration is the creation of all access policies for the leaf fabric interfaces that connect to your APICs. In my setup LEAF-1 and LEAF-2 are connected to APIC-1, APIC-2, and APIC-3 using interfaces Eth1/46-48 as shown in the previous topology.

1- Leaf Profile configuration:

Navigate to the following APIC web GUI path:
Fabric -> Access Policies -> Switches -> Leaf Switches -> Profiles

Right click Profiles and then Create Leaf Profile

Enter the name of the LEAF profile “Leaf-101-102_Inband_LeafProfile” and give a name for Leaf selector then chose the Leafs that will participate in this Leaf profile.

Click NEXT then finish , ignore interface association , we go back for it later.

2- Create Interface Profile:

Navigate to: Fabric -> Access Policies -> Interfaces -> Leaf Interfaces -> Profiles

Right click Profiles then Create Leaf Interface Profile:

In the Interface Selectors field , click on (+) sign to create inteface Selector, give it a name and chose interfaces id which are connected to APICs on Leaf1 and Leaf2.

According to our topology Leaf1 & 2 are connected to APICs through interfaces Eth1/46 (APIC-1), Eth1/47(APIC-2) and Eth1/48(APIC-3).

So, in interface IDs field we specify 1/46-48:

3- Create Interface Policy group:

Next, we create The Interface Policy group in which we define the specification of our ports. click on Interface Policy group and then select:

“Create Leaf Access port Policy Group”

We give our Interface policy group a name InBand-PolicyGroup then we create an LLDP Policy and an Attached Entity Profile (AAEP):

Now, we create LLD interface Policy: “LLDP ENABLE”

click submit then save:

Next step is to create the AEP:

4- Create AAEP:

To create the AAEP, navigate to the following APIC web GUI path:
Fabric -> Access Policies -> Policies -> Global -> Attachable Access Entity Profiles

Right-click on Attachable Access Entity Profiles and click “create Attachable Access Entity Profile“:

A pop-up will show, assign a name to the AEP:

5- Create Physical Domain:

Then, we create a physical domain:

click (+) sign to create it directly or navigate to the following APIC web GUI path:
Fabric -> Access Policies -> Physical and External Domains -> Physical Domains

We crate “InBand_PhysDomain”:

6- Create VLANPool:

navigate to the following APIC web GUI path:
Fabric -> Access Policies -> Pools -> VLAN

and right click create VLAN Pool.

give a name for the VLAN Pool “InBand_VLANPool”, and chose static allocation mode:

Chose the InBand vlan ID and static mode allocation , click Ok:

verification:

Associate VLAN pool to physical Domain and chose the AAEP:

At this step, Access policies for the Inband management configuration are done, we pass to mgmt tenant configuration:

II- CONFIGURING MGMT TENANT POLICIES:

Navigate to : Tenant -> ALL TENANTS -> mgmt

click on Mgmt Tenant:

By default ACI will come with a Bridge Domain named inb which will be configured to use the inb VRF.Now we will define the subnet we want to use for In-Band Management in our inb Bridge Domain.

Navigate to : Tenants -> mgmt -> Networking -> Bridge Domains -> inb