Cisco Prime Network Services Controller Adaptor for DFA product brochure
© 2015 Cisco and/or its affiliates. All rights reserved. This document is Cisco Public Information.
  ◦ A tenant-edge firewall is deployed, in which all subnets within a given VRF instance must pass through the firewall. Dynamic or static routing needs to be selected for the inside and outside interfaces of the firewall.
  ◦ An east-west Layer 3 firewall is deployed, in which the firewall is a default gateway for a protected subnet. Dynamic or static routing needs to be selected to connect the outside interface of the firewall.
● Depending on the kind of deployment you prefer, select and configure relevant autoconfiguration profiles in Cisco Prime™ Data Center Network Manager (DCNM) from a prepackaged list.
● Attach end hosts, firewall, and other required appliances to the fabric.
● When static routing is used, manually add static routes on fabric devices.
● Begin using your solution.
Deployment scenarios are not limited to the ones listed here. However, Cisco Prime DCNM conveniently comes with
prepackaged autoconfiguration profiles for these scenarios because they are the most popular ones. If you are
working with atypical deployment cases, you will find relevant information later in this document.
Service Network Autoconfiguration Profiles Overview
The autoconfiguration profile is a powerful feature that helps provision the related configuration. It consists of a set
of configuration commands, which are grouped together to achieve certain goals and provision a specific function.
Provisioning is performed on demand within the Cisco Unified Fabric infrastructure and is directly related to service
node integration.
Two types of profiles exist: partition autoconfiguration profiles and network autoconfiguration profiles.
Cisco Unified Fabric with automation stores a predefined set of network autoconfiguration profiles in the
OpenLDAP directory service accessible through the Lightweight Directory Access Protocol (LDAP). OpenLDAP
runs in Cisco Prime DCNM and stores all the relevant data.
Partition autoconfiguration profiles are included and stored as part of the default leaf configurations and are
included as part of the PowerOn Auto Provisioning (POAP) process. The relevant partition profile is populated
during instantiation with the parameters received from LDAP.
Network autoconfiguration profiles typically include only the host-side configuration details, such as switch port
access and trunk mode, VLAN and bridge domain ID membership, switched virtual interface (SVI) and VRF
membership information, the forwarding mode (Enhanced Forwarding, Traditional Forwarding, or plain Layer 2
mode), etc.
Note that a network autoconfiguration profile can specify only its particular VRF membership, but not the VRF
definition and VRF configuration itself. The VRF definition and all relevant configurations are defined as part of the
partition autoconfiguration. To correlate the two types of autoconfiguration profiles, network profiles are configured
with an include statement, like this:
config profile sampleNetworkProfile
  vlan $vlanId
    vn-segment $segmentId
  --omitted for brevity --
  include profile samplePartitionProfile
end
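The following pre-provisioning check is an added example, not Cisco code or part of the original document: it resolves the include statement of a network profile against its partition profile and reports missing profiles, include cycles, and parameters left without a value. The partition profile body, the parameter values, and the function names parse_profiles and expand are assumptions made for illustration; how the fabric itself instantiates profiles is not modelled.

```python
import re

# Constructed sample input. The network profile follows the snippet in the
# text; the partition profile body is an assumption made for illustration.
PROFILES_TEXT = """\
config profile sampleNetworkProfile
  vlan $vlanId
    vn-segment $segmentId
  include profile samplePartitionProfile
end
config profile samplePartitionProfile
  vrf context $vrfName
end
"""

def parse_profiles(text):
    """Split 'config profile <name> ... end' blocks into {name: [lines]}."""
    profiles, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        start = re.fullmatch(r"config profile (\S+)", line)
        if start:
            current = profiles.setdefault(start.group(1), [])
        elif line == "end":
            current = None
        elif line and current is not None:
            current.append(line)
    return profiles

def expand(name, profiles, params, _stack=()):
    """Inline includes and fill $parameters; return (lines, problems)."""
    if name in _stack:
        return [], [f"include cycle at {name}"]
    if name not in profiles:
        return [], [f"missing profile {name}"]
    out, problems = [], []
    for line in profiles[name]:
        inc = re.fullmatch(r"include profile (\S+)", line)
        if inc:  # pull in the partition profile that carries the VRF definition
            sub, errs = expand(inc.group(1), profiles, params, _stack + (name,))
            out += sub
            problems += errs
            continue
        for var in re.findall(r"\$(\w+)", line):
            if var not in params:
                problems.append(f"{name}: no value for ${var}")
        fill = lambda m: str(params.get(m.group(1), m.group(0)))
        out.append(re.sub(r"\$(\w+)", fill, line))
    return out, problems
```

A non-empty problems list means the rendered configuration should not be pushed: either the VRF definition the network profile depends on is absent, or a placeholder would reach the device unfilled.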