Virtual Lab Topology
The following is the virtual Lab topology. It consists of these virtual machines:
vCenter Server (also used as the RDP jumpbox)
ACI Simulator – Release Version 0.1e
APIC-1
Leaf1 and Leaf2
Spine-1
ESXi-1
ESXi-2
Linux
Task 1: The following tasks will be completed:
Filter creation
Contracts
Explanation
To lay the foundation of the application profile, we first create filters within our tenant for the contracts to use. These contracts will be associated with EPGs, which will form our 3-Tier application profile. These are the tasks that will be completed in this section of the lab.
How to Create Filters
NOTE: BEFORE YOU CREATE FILTERS OR CONTRACTS, PLEASE VERIFY THAT YOU ARE ON THE “Uninets” TENANT
Create a web filter
In this section of the lab, we’ll first create a Web Server Filter
Expand the “Security Policies Window” in the Uninets tenant.
Select the “Filters” section
Click on the “ACTIONS” button in the right-hand panel
Select “Create Filter”.
Please follow the steps below:
In the “Name” window, type Web_Filter
Click on the “Entries” window and click on the “+”. A new entry window will open. Please fill in the following information:
Name: web_filter
EtherType: IP
ARP Flag: Nothing
IP Protocol: tcp
Source Port/Range (From): Unspecified
Source Port/Range (To): Unspecified
Destination Port/Range (From): http
Destination Port/Range (To): http
TCP Session Rules: Unspecified
Click on “UPDATE”.
After clicking “UPDATE”, the “SUBMIT” button will become active. To create the web filter, please click on “SUBMIT”.
Create App Filter
Click on the “ACTIONS” button
Select “Create Filter”.
In the “Name” window, type App_Filter
Click on the “Entries” window and click on the “+”. A new entry window will open. Please enter the following information in each window:
Name: app_filter
EtherType: IP
ARP Flag
IP Protocol: tcp
Source Port/Range (From): Unspecified
Source Port/Range (To): Unspecified
Destination Port/Range (From): 1433
Destination Port/Range (To): 1433
TCP Session Rules: Unspecified
Note:
After entering “1433” into “Destination Port/Range (From)” or “Destination Port/Range (To)”, make sure you don’t hit the tab key. If you do, the window might choose “https” or another entry from its options. Make sure the window still displays 1433 after you have entered it.
Click on “UPDATE”.
Create a DB Filter
Now, we will create a Database Server filter
Click on the “ACTIONS” button
Select “Create Filter”.
In the “Name” window, type in DB_Filter
Click on the “Entries” window and click on the “+”. A new entry window will open. Please enter the following information in each window:
Name: db_filter
EtherType: IP
ARP Flag
IP Protocol: tcp
Source Port/Range (From): Unspecified
Source Port/Range (To): Unspecified
Destination Port/Range (From): 1521
Destination Port/Range (To): 1521
TCP Session Rules: Unspecified
Click on “UPDATE”.
Screenshots of all the filters created.
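The three filters above can also be checked as data, which catches the autocomplete slip described in the note (1433 silently becoming “https”). The following Python is an added example, not part of the original lab: it models each filter as a vzFilter object with one vzEntry child (the APIC object-model classes behind these GUI fields) and audits a constructed sample against the ports this lab intends; the function names and the sample are assumptions made for illustration.

```python
import json

# Filters this lab creates: filter name -> (entry name, destination port)
EXPECTED = {
    "Web_Filter": ("web_filter", "http"),
    "App_Filter": ("app_filter", "1433"),
    "DB_Filter": ("db_filter", "1521"),
}
# Well-known ports that APIC stores by name rather than by number
NAMED_PORTS = {"unspecified": 0, "http": 80, "https": 443}

def port_number(value):
    """Normalise a port attribute ('http', '1433') to an integer."""
    v = str(value).lower()
    return NAMED_PORTS[v] if v in NAMED_PORTS else int(v)

def build_filter(name, entry, dport):
    """One vzFilter with a single vzEntry, mirroring the GUI fields."""
    attrs = {"name": entry, "etherT": "ip", "prot": "tcp",
             "sFromPort": "unspecified", "sToPort": "unspecified",
             "dFromPort": dport, "dToPort": dport}
    return {"vzFilter": {"attributes": {"name": name},
                         "children": [{"vzEntry": {"attributes": attrs}}]}}

def audit(filters):
    """Return findings for filters that are missing or open the wrong port."""
    seen = {f["vzFilter"]["attributes"]["name"]: f["vzFilter"] for f in filters}
    findings = []
    for name, (_, dport) in EXPECTED.items():
        if name not in seen:
            findings.append(f"{name}: missing")
            continue
        want = port_number(dport)
        for child in seen[name].get("children", []):
            e = child["vzEntry"]["attributes"]
            got = (port_number(e["dFromPort"]), port_number(e["dToPort"]))
            if e["prot"] != "tcp" or got != (want, want):
                findings.append(f"{name}/{e['name']}: expected tcp {want}, "
                                f"found {e['prot']} {e['dFromPort']}-{e['dToPort']}")
    return findings

# Constructed sample: App_Filter saved after the field autocompleted to "https"
SAMPLE = [build_filter("Web_Filter", "web_filter", "http"),
          build_filter("App_Filter", "app_filter", "https"),
          build_filter("DB_Filter", "db_filter", "1521")]

if __name__ == "__main__":
    print(json.dumps(SAMPLE[1], indent=2))
    for finding in audit(SAMPLE):
        print("FINDING:", finding)
```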
Contract Creation
Once the filters have been created, we can now create the contracts which will use them. Follow the steps below to create the different contracts and to associate the filters with them.
Create a Web Contract
First, we will create a Web Server Contract
Expand the “Security Policies Window” in the Uninets tenant.
Select the section “Contracts”.
Click on the “ACTIONS” button in the right-hand panel
Select “Create Contract”
Let’s create contracts as we have discussed:
In the “Name” window, type Web_Con
You can leave the other boxes as they are and click on the “+” next to “Subjects:”.
In the “Name” window, type web_subj
Make sure that both the “Reverse Filter Ports” and “Apply Both Directions” check boxes are checked
Click on the “Filter Chain” window to add a filter.
Click on the drop-down arrow to view the list of filters and other options.