Buy or Renew
Buy or Renew
Cisco + Splunk: It’s a new day for your data. Learn more.
 
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
851
Views
0
Helpful
4
Replies

Can I microsegment VM's without doing the Vcenter Intergration?

jgesualdi
Level 1
Level 1

‎12-07-2018 04:58 AM - edited ‎03-01-2019 05:43 AM

We just completed migrating our DC to ACI using network centric design. Each traditional vlan is now a BD/EPG. All our servers are VM's running on ESXI. I need to take 50 servers that are spread across 8 different BD/EPG's and put them in a new EPG. Now I know I can do something like this with the VMWARE integration and Useg but we are not ready for that . We are months away from trying that and I have immediate requirement to segment these 50 servers.  Can I manually do this without the Vcenter Integration? What would be the steps I need to consider? I don't want to re ip but I'm willing to put these into a new port group if that's necessary.

 

Thank you.

Labels:
0 Helpful
4 Replies 4

6askorobogatov
Level 1
Level 1

‎12-10-2018 09:06 AM

It is not clear what is "take 50 servers that are spread across 8 different BD/EPG's and put them in a new EPG" ? 

Is that you need to have 50 servers in one BD isolated in the groups ? 

0 Helpful

Ziga M
Level 1
Level 1

‎12-12-2018 10:56 PM

Hi,

 

First make sure you have EX/FX leaf(s). Integration with vCenter using vDS is very simple, you are an hour away from integration not months :) 

You could do uSEG on bare-metal domain https://www.cisco.com/c/en/us/td/docs/switches/datacenter/aci/apic/sw/3-x/virtualization/b_ACI_Virtualization_Guide_3_2_2/b_ACI_Virtualization_Guide_3_2_2_chapter_0100.html#concept_4196B1CABA8F487698069EC02FCE0071 based on IP/MAC "attribute" and manually create private vlans on vcenter... You want to put servers from different subnets into one bridge-domain? This won't work. Sollution would be to make 8 yEPGs (one for each BD) and then using permit any contract between these yEPGs.

0 Helpful

jgesualdi
Level 1
Level 1
In response to Ziga M

‎12-13-2018 04:57 AM

What I was thinking of doing is create a new-BD and link my 8 existing EPG's to the new-BD. Under this new-BD I would have the 8 existing subnets defined. I also would create a new-EPG  under this new-BD. This new-EPG would have the vm's  I need to move out of the 8 existing epg's.  In Vcenter my admins would create a new port group for new-EPG and they would assign the new port group to the VM's that need to move into new-EPG.  Has anyone done this?

0 Helpful

6askorobogatov
Level 1
Level 1
In response to jgesualdi

‎12-13-2018 05:45 AM

You can just create additional EPGs attached to the existing BDs and put you endpoints you want to segregate in those EPGs. They will use the same IPs (same BD) but you can apply different contracts. 

0 Helpful
Customers Also Viewed These Support Documents

Save 25% on Day-2 Operations Add-On License