Cisco ACI Contracts Explained: Configure

Following is the virtual Lab topology, which consists of the following virtual machines:

● vCenter Server (also use as the RDP jump box)

● ACI Simulator – release version 0.1e

● APIC-1

● Leafl and Leaf2

● Spine-1

● ESXi-1

● ESXi-2

● Linux

Task 1: The Following task will be completed.

● Creating Filters

● Creating Contracts

Explanation

To build the foundation of the application profile, it is necessary to create filters within our tenant that will be utilized by the contracts. Those contracts will then be associated with EPGs that will make up our 3-‐Tier application profile. The following are tasks that will be completed in this section of the lab.

Creating Filters:

Note: PLEASE MAKE SURE THAT YOU ARE ON THE “Uninets” TENANT BEFORE CREATING FILTERS AND CONTRACTS

Create Web Filter

In this portion of the lab, we will first create a Web Server Filter

1) In the Uninets tenant, expand the “Security Policies” window on the left-‐hand panel

2) Select the “Filters” section

3) on the right-‐hand panel, click on the “ACTIONS” button

4) Select “Create Filter”

PLEASE FOLLW THE FOLLOWING STEPS:

1) In the “Name” window, type in Web_Filter

2) On the “Entries:” window, click on the “+” and a new entry window will Please provide the following information under each window:

● Name: web_filter

● EtherType: IP

● ARP Flag: Nothing

● IP Protocol: tcp

● Source Port/Range (From): Unspecified

● Source Port/Range (To): Unspecified

● Destination Port/Range (From): http

● Destination Port/Range (To): http

● TCP Session Rules: Unspecified

3) Click on “UPDATE”

4) Once the “UPDATE” button is clicked, the “SUBMIT” button will be active. Please click on “SUBMIT” to create the web

Create App Filter

1) Click on the “ACTIONS” button

2) Select “Create Filter”

1) In the “Name” window, type in App_Filter

2) On the “Entries:” window, click on the “+” and a new entry window will appear. Please provide the following information under each window:

● Name: app_filter

● EtherType: IP

● ARP Flag:

● IP Protocol: tcp

● Source Port/Range (From): Unspecified

● Source Port/Range (To): Unspecified

● Destination Port/Range (From): 1433

● Destination Port/Range (To): 1433

● TCP Session Rules: Unspecified

Note:

When entering in “1433” into the window for “Destination Port/Range (From)” and “Destination Port/Range (To)”, make sure that you do not hit the tab key after entering in 1433. If you do so, the window may choose “https” or another entry in the options. So make sure that after you enter 1433, that the window shows 1433.

3) Click on “UPDATE”

Create DB Filter

We will now create a Database Server filter

1) Click on the “ACTIONS” button

2) Select “Create Filter”

1) In the “Name” window, type in DB_Filter

2) On the “Entries:” window, click on the “+” and a new entry window will appear. Please provide the following information under each window:

● Name: db_filter

● EtherType: IP

● ARP Flag:

● IP Protocol: tcp

● Source Port/Range (From): Unspecified

● Source Port/Range (To): Unspecified

● Destination Port/Range (From): 1521

● Destination Port/Range (To): 1521

● TCP Session Rules: Unspecified

Click on “UPDATE”

Screen Shots for all Filter Created.

Creating Contracts

With the filters created, we will now create the contracts that will use those filters. Please follow the procedures below to create the various contracts and associate the filters to those contracts.

Create Web Contract

We will first create a Web Server Contract

1) In the Uninets tenant, expand the “Security Policies” window on the left-‐hand panel

2) Select the “Contracts” section

3) On the right-‐hand panel, click on the “ACTIONS” button

4)Select “Create Contract”

Lets Create Contracts as mentioned:

1) In the “Name” window, type in Web_Con

2) Leave the other boxes default and click on the “+” next to “Subjects:”

1) In the “Name” window, type in web_subj

2) Make sure both “Reverse Filter Ports” and “Apply Both Directions” check box is checked

3) Under the “Filter Chain” window, click on the “+” sign to add a filter

4) From the drop-‐down arrow, click on that arrowto show the listof filters and select “Web_Filter” under the “Uninets” tenant

5) Once selected, click on “Update”

1) Click on “OK” to complete the filter chain selection

2) Please click on “SUBMIT” button to create the web server

3) We will now create an Application Server Contract and DB Contracts. In same

Screen Shots for App Contracts and its association with App_Filter

Screen Shots for DB Contracts and its association with DB_Filter 

Below Figure will show you