Cisco ACI - EPG Static Port Bindings With Ansible

Hi 😊 After some months, I decided to publish a post related to Cisco ACI and the EPG Static Port Bindings using Ansible.


If you work with Cisco ACI, I can bet you hate ACI’s static EPG mapping on port/PC/vPC. Come on, don’t deny it 😉
We all waste hours during the week doing the same activity over and over again:
Choose the EPG and right-click, deploy statically, choose port type, choose encapsulation VLAN, choose deployment mode…

Now imagine you have 40 new hosts/encoders/devices and you need to deploy 20/30 EPGs on their ports: how many hours do you need? A LOT. Well, with this Ansible playbook you will complete the job in a few minutes and can spend your free time studying something interesting!

Let’s proceed


Ansible is an open source automation platform that simplifies and accelerates the deployment and management of applications, network devices, and other IT resources. Ansible uses a simple, human-readable language called YAML to define tasks and workflows, and an agentless architecture that does not require any additional software or configuration on the target devices. Ansible can be integrated with various tools and platforms, such as Cisco ACI, to automate complex and repetitive tasks, such as configuration management, application deployment, and workflow orchestration.

In our example we will use Ansible to automate the static binding of the EPG to a specific port, a repetitive and boring task.

Here you can find the Official Ansible installation guide


DYOR (Do Your Own Research). Test the procedure before applying changes to your production environment.

Cisco ACI Sandbox

If you want to replicate it or test the code, here is the Cisco ACI Sandbox detail:

Please note that the password may have changed by the time you read this post, so do your research (Cisco usually publishes it).

I created some ACI objects:

  • Tenant:
    • PROD
  • Application Profile:
    • PROD_ANP
    • TEST_ANP
  • EPG:
    • TEST-1_EPG (into PROD_ANP) - encapsulation VLAN 51
    • TEST-2_EPG (into PROD_ANP) - encapsulation VLAN 52
    • TEST-3_EPG (into TEST_ANP) - encapsulation VLAN 53
  • Interface Policy Group:
    • PC_Ansible_thetechguy (for Port-Channel)
    • vPC_Ansible_thetechguy (for Virtual Port-Channel)

Ansible Playbook

I prepared an Ansible playbook that deploys several EPGs to a port, port-channel or virtual port-channel in a loop.
I put all the variables outside the playbook, so you don’t need coding/automation skills to run it: you just have to edit the CSV and credentials files.
In the GitHub repository you will find 3 files:

  • credentials.yml: Edit this file with your own APIC URL/Username/Password. If you are running tests in the Cisco Sandbox, you don’t have to edit it
  • epgs.csv: Edit this file with your own EPG and port details. Let’s review all the columns in the CSV file:
    • epg: The name of the EPG
    • encap_id: The VLAN ID related to the EPG
    • ap: The name of the Application Profile
    • tenant: The name of the Tenant
    • pod_id: The POD ID
    • leaf: The leaves involved:
      • If the “interface_type” is a vpc: Put the leaf node IDs, like: 101-102
      • If the “interface_type” is switch_port or port-channel: Put the leaf node ID, like: 101
    • interface_type: The type of the interface. Here are the options:
      • switch_port: Single/Access port
      • port-channel: Port-Channel (A port channel is an aggregation of multiple physical interfaces that creates a logical interface)
      • vpc: Virtual Port-Channel (A virtual port channel (vPC) allows links that are physically connected to two different Cisco Nexus 7000 or 9000 Series devices to appear as a single port channel by a third device)
    • interface_ipg: There are two options here:
      • If the “interface_type” is a vpc or port-channel: The name of the Interface Policy Group.
      • If the “interface_type” is switch_port: The port ID. To avoid Excel’s random and annoying formatting, add an apostrophe (') to the beginning of the string, e.g.: '1/8
    • interface_mode: The deployment mode of the EPG. Here are the options:
      • native or 802.1p: Use this label if you have a trunk and want to use this EPG as “native”.
      • untagged or access: Use this label if you want to deploy this EPG as untagged in this port/IPG.
      • tagged, regular or trunk: Use this label if you want to deploy this EPG as tagged in this port/IPG.
  • main.yml: This is the main code, you don’t have to edit it.
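
A pre-flight check for epgs.csv, as an added example (not part of the original post or its GitHub repository): it applies the column rules listed above to every row before the playbook touches the APIC. The comma delimiter, the 1-4094 VLAN range, the port ID pattern, the sample rows and the function names are assumptions.

```python
import csv
import io
import re

# Accepted values, taken from the column descriptions in the post.
INTERFACE_TYPES = {"switch_port", "port-channel", "vpc"}
INTERFACE_MODES = {"native", "802.1p", "untagged", "access", "tagged", "regular", "trunk"}
COLUMNS = ("epg", "encap_id", "ap", "tenant", "pod_id", "leaf",
           "interface_type", "interface_ipg", "interface_mode")

# Constructed sample: CSV lines 2-3 are valid, lines 4-5 are deliberately wrong.
SAMPLE = """\
epg,encap_id,ap,tenant,pod_id,leaf,interface_type,interface_ipg,interface_mode
TEST-1_EPG,51,PROD_ANP,PROD,1,101,switch_port,'1/8,untagged
TEST-2_EPG,52,PROD_ANP,PROD,1,101-102,vpc,vPC_Ansible_thetechguy,trunk
TEST-3_EPG,53,TEST_ANP,PROD,1,101-102,port-channel,PC_Ansible_thetechguy,tagged
TEST-3_EPG,5300,TEST_ANP,PROD,1,101,vpc,vPC_Ansible_thetechguy,trunked
"""

def validate_row(row):
    """Return the list of problems in one epgs.csv row (empty list = OK)."""
    row = {k: (v or "").strip() for k, v in row.items() if k}
    errors = [f"missing value for {c}" for c in COLUMNS if not row.get(c)]
    if errors:
        return errors
    # Assumption: encap_id must be a valid 802.1Q VLAN ID.
    if not (row["encap_id"].isdigit() and 1 <= int(row["encap_id"]) <= 4094):
        errors.append(f"encap_id {row['encap_id']!r} is not a VLAN ID in 1-4094")
    if not row["pod_id"].isdigit():
        errors.append(f"pod_id {row['pod_id']!r} is not numeric")
    itype = row["interface_type"]
    # vpc rows name a leaf pair (101-102); the other types name a single leaf (101).
    leaf_ok = re.fullmatch(r"\d+-\d+" if itype == "vpc" else r"\d+", row["leaf"])
    if itype not in INTERFACE_TYPES:
        errors.append(f"unknown interface_type {itype!r}")
    elif not leaf_ok:
        errors.append(f"{itype} needs leaf as " + ("a pair like 101-102"
                      if itype == "vpc" else "a single node ID like 101"))
    if itype == "switch_port":
        # Drop the apostrophe added for Excel, then expect module/port (assumed pattern).
        port = row["interface_ipg"].lstrip("'\u2018\u2019")
        if not re.fullmatch(r"\d+(/\d+){1,2}", port):
            errors.append(f"interface_ipg {port!r} is not a port ID like 1/8")
    if row["interface_mode"] not in INTERFACE_MODES:
        errors.append(f"unknown interface_mode {row['interface_mode']!r}")
    return errors

def validate_csv(text):
    """Map CSV line number -> problems, only for rows that fail validation."""
    reader = csv.DictReader(io.StringIO(text))
    return {n: errs for n, row in enumerate(reader, start=2) if (errs := validate_row(row))}
```

Run `validate_csv(open("epgs.csv").read())` before `ansible-playbook main.yml`; an empty dictionary means every row passed.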

Here is an example of how to fill the CSV file:

You can find the code here
You can find the Cisco ACI Ansible folder here. I am adding more and more playbooks for common and repetitive Cisco ACI tasks.

Here you can find the Official Ansible documentation for Cisco ACI
I’m using this specific module

Run the playbook

Here are the screenshots before the change. As you can see, the EPGs are not deployed on any port, port-channel or virtual port-channel.




Now, run the playbook:

ansible-playbook main.yml


If everything is in place, the result should look like this, with the EPGs distributed on the chosen ports:




Great! Now, have a coffee with your extra free time and choose what you want to study 😉

Thanks for your time, I hope that you’re enjoying my blog!
If you have some questions, please drop me a message through social networks!😊