Let’s Talk
Select Page

How to create objects and build out a script for what you need.

Switch Selector and Switch Profile

After your ACI fabric is built and brought up, you want to work on your Switch Profiles and Interface Profiles.  The profile is like a container.  It doesn’t do anything unless you fill it.  You should set up a profile for each leaf in your fabric and another for each pair of leaves that comprise the VPC domain.  You could create other groups if you had a reason or need.

The switch profile contains the switch selector object. When you create the switch profile, you’ll add the switch to it through the switch selector button. There’s a one-to-one mapping between the switch profile and interface profile.

Interface Profile and Interface Selector

You use a similar process here as you did with the Switch Selector and Profile. Create one interface profile for each leaf and one for each leaf in the VPC profile.  The interface profile contains the interface selector object.  Within the interface selector, you can attach an Interface Policy Group.  This describes the policies that will be defined for the interfaces selected.  There’s a question at this time whether we can, or would want to, create an interface selector per interface on a leaf, or create in ranges. ACI likes symmetry – You’ll make things simpler if you always dual connect when possible, and always use the same ports (port e1/1 on switches 1 and 2 for example).

Interface Policies and the Policy Group

Interface Policies are used to define individual interface-level settings (e.g., CDP off/on, LACP Active or Off, etc.). The interface policy group combines the interface policies into a cohesive group.  It’s also where you attach the AEP that defines the VLAN’s accessible on the interface.  The Interface Policy Group is attached via the interface selector screen. (You can do this when you create the Interface Selector, or afterwards.)  There are four types of IPG-Access, PC, VPC and Override – In our example, because it is the most common, we use VPC.


The AEP is fairly unique to ACI.  It’s difficult to find an equivalent in normal networking.  The closest is the switchport-allowed VLAN command. It takes the physical/virtual domains the VLAN pools (groups of VLANs) exposed to them and is called by the Interface Policy Group for inclusion into the port configuration. The domain is also tied to the VLAN.


The Domain is an object that defines what type of device is being connected.  Possible actions are: Physical, virtual, L2 external, L3 external.  The Domain is also tied to a VLAN pool and is used to associate the pool object to the AEP.

VLAN Pool (Static/Dynamic)

The Pool object defines what VLANS’s should be visible to the domain/AEP.  You will always use dynamic for VMware (or other hypervisors) and static for all others.

When figuring out your own VPC workflow, be methodical and consistent, and come up with a naming standard—Naming is key in ACI. When complete, use the API Inspector to automate the process.

Note: The learning curve for ACI can be steep at the beginning.  However, the good news is that it tapers off in the end.

For questions, or more information on Cisco ACI, contact the experts at LA Networks at (818) 333-4880 or info@la-networks.com.