Administration Guide

Retrieve IPv6 dynamic addresses from Cisco ACI SDN connector

IPv6 dynamic addresses can be retrieved from Cisco ACI SDN connectors. IPv6 addresses imported from Cisco ACI to the Fortinet SDN Connector VM can be imported into the FortiGate as IPv6 dynamic addresses. The Fortinet SDN Connector VM must be running version 1.1.10 or later.

config firewall address6
    edit <name>
        set type dynamic
        set sdn <ACI_connector>
    next
end

The following example assumes the Fortinet SDN Connector VM has already connected to Cisco ACI and learned the IPv6 addresses. See Configuring the SDN Connector in the Cisco ACI Administration Guide for more information. The Dynamic Address List values for the DN with the filter tn-Fortinet/ap-ApplicationProfile/epg-App1 are used in this example.

To configure the Cisco ACI connector and dynamic address:
  1. Configure the Cisco ACI SDN connector:

    config system sdn-connector
        edit "aci_64.115_115"
            set type aci
            set server-list "10.6.30.115"
            set server-port 5671
            set username "admin"
            set password xxxxxxx
        next
    end
  2. Verify that the SDN connector status is up:

    # diagnose sys sdn status "aci_64.115_115"
    SDN Connector                       Type        Status
    -------------------------------------------------------------
    aci_64.115_115                      aci         Up
  3. Configure the IPv6 dynamic firewall address (filters for tenant and endpoint group are used in this example):

    config firewall address6
        edit "aci-add6-App1"
            set type dynamic
            set sdn "aci_64.115_115"
            set color 17
            set tenant "Fortinet"
            set epg-name "App1"
        next
    end
  4. Verify the list of resolved IPv6 addresses:

    # diagnose firewall dynamic6 list "aci-add6-App1"
    aci_64.115_115.aci.Fortinet.App1.*: ID(220)
            ADDR(2001:cafe:654e:7d1:df4a:5f7c:3ab2:361a)
            ADDR(2001:cafe:da3:69c3:4136:eb69:90ea:9481)
            ADDR(2001:cafe:b9a7:793a:abc4:9c29:385b:6e11)
            ADDR(2001:cafe:1880:e8d5:21af:4837:854:603c)
            ADDR(2001:cafe:f00f:8d5b:f4f9:ab2c:98fe:32c0)
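
The following is an added example, not part of the Fortinet guide: a Python script that parses saved output of the `diagnose firewall dynamic6 list` command from step 4 and checks every resolved address against the prefix the endpoint group is expected to use. The prefix `2001:cafe::/32` and the function names `parse_dynamic6` and `audit` are assumptions for illustration.

```python
import ipaddress
import re

# Constructed sample: the step 4 output from this page, as captured from a CLI session.
SAMPLE_OUTPUT = """\
# diagnose firewall dynamic6 list "aci-add6-App1"
aci_64.115_115.aci.Fortinet.App1.*: ID(220)
        ADDR(2001:cafe:654e:7d1:df4a:5f7c:3ab2:361a)
        ADDR(2001:cafe:da3:69c3:4136:eb69:90ea:9481)
        ADDR(2001:cafe:b9a7:793a:abc4:9c29:385b:6e11)
        ADDR(2001:cafe:1880:e8d5:21af:4837:854:603c)
        ADDR(2001:cafe:f00f:8d5b:f4f9:ab2c:98fe:32c0)
"""

HEADER_RE = re.compile(r"^(?P<name>\S+): ID\((?P<id>\d+)\)\s*$")
ADDR_RE = re.compile(r"^\s*ADDR\((?P<addr>[^)]*)\)\s*$")

def parse_dynamic6(text):
    """Return {filter_name: {"id": int, "addrs": [IPv6Address], "invalid": [str]}}."""
    entries, current = {}, None
    for line in text.splitlines():
        h = HEADER_RE.match(line)
        if h:
            current = entries.setdefault(
                h["name"], {"id": int(h["id"]), "addrs": [], "invalid": []})
            continue
        a = ADDR_RE.match(line)
        if a and current is not None:
            try:
                current["addrs"].append(ipaddress.IPv6Address(a["addr"]))
            except ValueError:
                current["invalid"].append(a["addr"])  # keep for review, do not drop
    return entries

def audit(entries, expected_prefix):
    """Return (filter, reason, value) findings for members that need review."""
    net = ipaddress.IPv6Network(expected_prefix)
    findings = []
    for name, e in entries.items():
        findings += [(name, "outside-prefix", str(a)) for a in e["addrs"] if a not in net]
        findings += [(name, "unparseable", s) for s in e["invalid"]]
        if not e["addrs"]:
            findings.append((name, "empty", ""))  # filter resolved to no addresses
    return findings

if __name__ == "__main__":
    # Assumed prefix for the App1 endpoint group; replace with your own allocation.
    for finding in audit(parse_dynamic6(SAMPLE_OUTPUT), "2001:cafe::/32"):
        print(finding)
```

An empty findings list means every address the connector resolved for the filter falls inside the expected prefix.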
