Illumio Core 24.2 Install, Configure, Upgrade

Supported Switches and Configurations

The following switches are supported in this release:

  • Cisco Nexus 9200 and 9300 series

  • Arista 7000 series

Switch Configuration

The following ACL and interface configurations are supported for the Illumio NEN integration:

ACL Implementation: Router ACL (RACL). RACLs support both inbound and outbound enforcement.

Switch Interfaces:

  • VLAN interface (SVI)

  • Layer 3 physical interface

  • Layer 3 port-channel interface

ACL Type: IPv4

Important

Unsupported interface and ACL configurations

The NEN does not support:

  • VLAN ACL (VACL) or Virtual Teletype (VTY) ACL as the ACL implementation

  • VLAN trunk port (switchport mode trunk) or sub-interface as the switch interface

  • MAC ACL type

  • IPv6 ACL type

  • Port ACLs (PACLs) for Layer 2 interfaces

Administrative Access to the Switch

You or your network administrators need administrative access to your switches to configure them and load the NEN-generated ACLs.

Note

The PCE and the NEN do not send any communication to the switch and never log into the switch. The PCE and the NEN do not require root or admin privileges on the switch.

Sufficient TCAM

Your switch's ternary content-addressable memory (TCAM) must be sufficient to store the IPv4 RACLs generated by the NEN.

Note

Illumio does not provide a mechanism to check the TCAM depth or available memory for each platform. Your network or security administrators need to check whether the generated IP ACLs can be handled by the switch.

Enable sFlow

The NEN relies on sFlow to provide network traffic flow data for Illumination. Your switch must be configured with sFlow. See your vendor documentation for information.

Configure sFlow Output

The output of sFlow from the switch must be sent to the PCE so it can be monitored. The well-known port for sFlow is UDP port 6343. See Configure Switches for NEN for information.

Network Connectivity between Switches and NEN

The NEN listens for sFlow from the switches.

Important

Ensure that your network is configured to allow communication between your switches and the NEN.
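
An added example (not Illumio code) for verifying the connectivity described above: it parses sFlow version 5 datagram headers so you can see which switch agents are exporting to UDP port 6343 and what sample types they send. The sample datagram is constructed, and `listen()` assumes it runs on a host where port 6343 is free.

```python
# Added example (not Illumio code): parse sFlow v5 headers to confirm switch export reaches UDP 6343.
import ipaddress
import socket
import struct

SFLOW_PORT = 6343  # well-known sFlow port named on this page
SAMPLE_TYPES = {1: "flow", 2: "counter", 3: "expanded_flow", 4: "expanded_counter"}

def parse_sflow_v5(datagram: bytes) -> dict:
    """Return header fields and a per-type sample tally; raise ValueError if malformed."""
    try:
        version, addr_type = struct.unpack_from("!II", datagram, 0)
        if version != 5:
            raise ValueError(f"unsupported sFlow version {version}")
        addr_len = {1: 4, 2: 16}.get(addr_type)  # 1 = IPv4 agent, 2 = IPv6 agent
        if addr_len is None:
            raise ValueError(f"unknown agent address type {addr_type}")
        offset = 8 + addr_len
        sub_agent, sequence, uptime_ms, count = struct.unpack_from("!IIII", datagram, offset)
        agent = ipaddress.ip_address(datagram[8:offset])
        offset += 16
        tally = {}
        for _ in range(count):
            data_format, length = struct.unpack_from("!II", datagram, offset)
            offset += 8 + length
            if offset > len(datagram):
                raise ValueError("sample length exceeds datagram")
            # High 20 bits are the enterprise number (0 = standard); low 12 bits are the format.
            name = "vendor" if data_format >> 12 else SAMPLE_TYPES.get(data_format & 0xFFF, "other")
            tally[name] = tally.get(name, 0) + 1
    except struct.error as exc:
        raise ValueError("truncated sFlow datagram") from exc
    return {"agent": str(agent), "sub_agent": sub_agent, "sequence": sequence,
            "uptime_ms": uptime_ms, "samples": tally}

def listen(bind_addr: str = "0.0.0.0", max_datagrams: int = 5) -> None:
    """Print the exporting agent of the first few datagrams received on UDP 6343."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.bind((bind_addr, SFLOW_PORT))
        for _ in range(max_datagrams):
            data, (src, _port) = sock.recvfrom(65535)
            try:
                print(src, parse_sflow_v5(data))
            except ValueError as exc:
                print(src, "not valid sFlow v5:", exc)

# Constructed sample: agent 192.0.2.10, one flow sample and one counter sample with empty bodies.
SAMPLE = (struct.pack("!II", 5, 1) + bytes([192, 0, 2, 10]) + struct.pack("!IIII", 0, 42, 60000, 2)
          + struct.pack("!II", 1, 0) + struct.pack("!II", 2, 0))
```

Call `listen()` on a host that should receive the export; a datagram whose `agent` field matches the switch shows that the path on UDP port 6343 is open.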

Switch Information

You need to provide switch-related information in the PCE web console. See the table listed in Add Unmanaged Workloads and Switch Definitions in the PCE Web Console for information.