Cisco ACI Integration
The Cisco ACI integration is currently in customer preview and is not yet generally available. Contact support@netboxlabs.com to join the preview.
Overview
The Cisco ACI integration discovers fabric inventory data from your Cisco Application Policy Infrastructure Controller (APIC) and ingests it into NetBox via the Diode SDK. Discovered data is staged as deviations in NetBox Assurance, where you review and apply changes before they are written to NetBox. This gives you full visibility and control over what enters your source of truth, without manual data entry.
Run the integration on a schedule to continuously surface operational drift — when devices, interfaces, prefixes, or VLANs change in the ACI fabric, Assurance highlights exactly what has diverged from NetBox so you can act on it deliberately rather than discovering discrepancies later.
What Gets Synchronized
- Devices - APIC Controllers, Spine Switches, and Leaf Switches
- Device Types - derived from hardware model strings reported by the fabric
- Platforms - per-version APIC platform for controllers ("Cisco APIC {version}"); stable "Cisco NX-OS" platform for spine and leaf switches
- Interfaces - physical interfaces, Layer 3 routed interfaces, SVIs, and management interfaces
- VRFs - ACI tenant VRF contexts
- Prefixes - bridge domain subnets and L3Out external subnets
- VLAN Groups - ACI VLAN pools
- VLANs - VLANs assigned via static bindings, L3Out attachments, and L2Out attachments
- IP Addresses - bridge domain gateway IPs, L3Out interface IPs, and out-of-band management IPs
- MAC Addresses - from physical and logical interfaces
For full details of ACI to NetBox object and attribute mappings, see the Technical Info section.
Key Features
- Fabric device discovery - discovers all APIC controllers, spine switches, and leaf switches across all pods
- Physical interface inventory - resolves NetBox interface type from transceiver hardware model (ethpmFcot) with fallback to operational speed (ethpmPhysIf)
- LAG/vPC interface inventory - discovers port-channel and vPC aggregates with VLAN and AAEP assignments
- VRF context mapping - maps ACI tenant VRF contexts to NetBox VRFs with tenant name tracking and L3Out summary
- Prefix discovery - discovers bridge domain subnets and L3Out external subnets with VRF binding
- VLAN tracking - maps VLAN pools to VLAN groups and tracks VLAN assignment from static bindings and L2/L3Out attachments
- IP address discovery - captures bridge domain gateway IPs, L3Out interface IPs, and management IPs
- ACI metadata via custom fields - stores fabric-specific data such as pod ID, node ID, tenant name, bridge domain name, AAEP name, policy group, and EPG static binding summaries directly on NetBox objects
- Operational drift detection - run on a schedule to continuously surface changes in the ACI fabric as deviations in NetBox Assurance, so discrepancies between the fabric and your NetBox data are visible and actionable
- Tenant and pod scope filtering - optionally restrict ingestion to specific tenants or pods
- Bootstrap mode - creates custom fields and static entities in NetBox before the first full fabric sync
Integration Architecture
The Cisco ACI integration is built on the NetBox Labs controller integrations framework:
- Standardized integration pattern - consistent approach across all controller integrations
- NetBox Assurance integration - uses NetBox Assurance for safe data ingestion and deviation management
- Agent based - runs as part of the NetBox Discovery agent ecosystem using the Orb Agent Pro image
- One-way sync - data flows from ACI to NetBox only; no changes are written back to the APIC
Compatibility
Supported NetBox Versions
- NetBox Cloud and NetBox Enterprise v4.1 and later with NetBox Assurance
Supported Cisco ACI Versions
- Cisco APIC 5.x and later