Cisco Prime Network Services Controller Adaptor for DFA Product Brochure
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
● On the leaf node for each protected network you need to configure static routes pointed toward the firewall’s outside interface IP address.
● The configuration of the Traditional Forwarding mode or Enhanced Forwarding mode of the profile serviceNetworkIpv4TfStaticRoutingFWProfile for the outside network also includes the configuration of the vrf-common-Static partition profile. This partition profile promotes the redistribution of the static IP address routes into the fabric’s MP-BGP.
Autoconfiguration Profiles for Typical Deployment Use Cases
Table 2 summarizes the autoconfiguration profiles for common deployment scenarios.
Table 2. Autoconfiguration Profiles for Typical Deployment Scenarios
Columns: Network Autoconfiguration Profile Name and Configurable Options; Use Case
defaultNetworkIpv4EfProfile
Configurable options:
● VLAN ID: The locally significant VLAN ID between the leaf node and the host
● Segment ID: The globally significant segment ID that uniquely identifies a given bridge domain
● VRF membership: Assigns a given network to a particular VRF instance
● Gateway IP address: IP address for the SVI that will serve as the default gateway for this VLAN
● DHCP server address: The address of the DHCP server from which the DHCP relay will forward DHCP packets, if necessary
● Mobility domain: A value configured in the POAP template that enables identification of the Layer 2 segment ID based on the VLAN and mobility-domain information
Configurable options also include the partition profile vrf-common.
Use case:
This profile is used to attach regular IPv4-only hosts, appliances, and virtual machines to the fabric with enhanced forwarding and a distributed gateway.
All learned ARP entries are converted to /32 prefixes by the host mobility manager (HMM) and distributed throughout the BGP fabric.
ARP and GARP broadcast is suppressed at the leaf layer.
defaultNetworkIpv4TfProfile
Configurable options:
● VLAN ID: The locally significant VLAN ID between the leaf node and the host
● Segment ID: The globally significant segment ID that uniquely identifies a given bridge domain
● VRF membership: Assigns a given network to a particular VRF instance
● Gateway IP address: IP address for the SVI that will serve as the default gateway for this VLAN
● DHCP server address: The address of the DHCP server from which the DHCP relay will forward DHCP packets, if necessary
● Mobility domain: A value configured in the POAP template that enables identification of the Layer 2 segment ID based on the VLAN and mobility-domain information
Configurable options also include the partition profile vrf-common.
Use case:
This profile is used to attach regular IPv4-only hosts, appliances, and virtual machines to the fabric with Traditional Forwarding and a distributed gateway.
All learned ARP entries are converted to /32 prefixes by HMM and distributed throughout the BGP fabric.
ARP, GARP, and NDP broadcasts are forwarded throughout the fabric with the intention of finding silent hosts.
defaultNetworkL2Profile
Configurable options:
● VLAN ID: The locally significant VLAN ID between the leaf node and the host
● Segment ID: The globally significant segment ID that uniquely identifies a given bridge domain
● Mobility domain: A value configured in the POAP template that enables identification of the Layer 2 segment ID based on the VLAN and mobility-domain information
This profile does not include any VRF-specific partition profile.
Use case:
This profile is used to create a single Layer 2 flood domain. That is, all broadcast frames are flooded throughout the domain. In contrast to plain Cisco FabricPath, this Layer 2 profile allows more than 4000 VLANs in the fabric, and each VLAN maps to a segment ID.
This profile is used in conjunction with an east-west firewall, where the firewall acts as a default gateway for a protected VLAN. All hosts and inside interfaces of the firewall connect to this VLAN.