03-26-2019 05:11 AM
Hi folks,
I have /32 IPs configured in the ACL on a traditional switch, both within the same subnet and across different subnets.
If I have to propose an ACI solution and I need to restrict communication between specific endpoints, which ACI solution should I use? Can we use a Deny rule for specific EPs within or between EPGs?
Thank you
03-27-2019 09:15 PM - edited 03-27-2019 09:16 PM
No, we cannot deny a specific IP learned in the fabric. Since ACI groups EPs into EPGs, it is just based off contracts and/or preferred groups if you get more advanced. Contracts are based off protocols/ports. If you have any scenarios where you need EPs within an EPG to be restricted, you can use intra-EPG isolation. If this isn't your need, the closest thing you can do is strategically configure your EPGs/contracts to segregate your workloads.
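As an added illustration of the two tools the answer names (this is example code written for this thread, not something either poster supplied): the script below builds the APIC REST payload for a contract whose filter classifies on protocol/port, and for an EPG with intra-EPG isolation enforced (`pcEnfPref="enforced"` on `fvAEPg`). The tenant, bridge-domain, EPG and contract names (`demo`, `bd1`, `web`, `db`, `web-to-db`) are hypothetical, and the bridge domain is assumed to exist already. The object class and attribute names (`fvTenant`, `vzFilter`, `vzEntry`, `vzBrCP`, `vzSubj`, `vzRsSubjFiltAtt`, `fvAEPg`, `fvRsProv`, `fvRsCons`, `aaaLogin`) are the APIC REST ones. The POST to the APIC only runs when `APIC_URL`, `APIC_USER` and `APIC_PASS` are set, so the script is safe to run offline; note that the `vzEntry` has no source or destination IP field, which is exactly why a per-/32 deny has no place to live in a contract.

```python
"""Added example (not from the thread): build an APIC payload that expresses
a protocol/port contract and an isolated EPG, summarise it, optionally push it.
Names are hypothetical; the bridge domain 'bd1' is assumed to exist."""
import json
import os


def build_filter(name, protocol, port):
    """vzFilter with one vzEntry.  The entry classifies on EtherType, IP
    protocol and destination port only: there is no IP-address attribute,
    so 'deny this one /32' cannot be written as a contract filter."""
    entry = {"vzEntry": {"attributes": {
        "name": f"{protocol}-{port}", "etherT": "ip", "prot": protocol,
        "dFromPort": str(port), "dToPort": str(port)}}}
    return {"vzFilter": {"attributes": {"name": name}, "children": [entry]}}


def build_contract(name, filter_names):
    """vzBrCP with a single subject that references the given filters."""
    refs = [{"vzRsSubjFiltAtt": {"attributes": {"tnVzFilterName": f}}}
            for f in filter_names]
    subj = {"vzSubj": {"attributes": {"name": "subj"}, "children": refs}}
    return {"vzBrCP": {"attributes": {"name": name, "scope": "context"},
                       "children": [subj]}}


def build_epg(name, bd, isolate=False, provides=(), consumes=()):
    """fvAEPg.  pcEnfPref='enforced' is intra-EPG isolation: endpoints in the
    EPG cannot reach each other, only what contracts permit to other EPGs."""
    children = [{"fvRsBd": {"attributes": {"tnFvBDName": bd}}}]
    children += [{"fvRsProv": {"attributes": {"tnVzBrCPName": c}}} for c in provides]
    children += [{"fvRsCons": {"attributes": {"tnVzBrCPName": c}}} for c in consumes]
    pref = "enforced" if isolate else "unenforced"
    return {"fvAEPg": {"attributes": {"name": name, "pcEnfPref": pref},
                       "children": children}}


def build_tenant(tenant="demo", bd="bd1"):
    """Two-tier app: 'web' may reach 'db' on TCP/3306 and nothing else; db
    hosts are isolated from one another.  With the VRF in its default
    enforced mode, EPG pairs without a contract get no traffic at all."""
    app = {"fvAp": {"attributes": {"name": "app"}, "children": [
        build_epg("web", bd, consumes=["web-to-db"]),
        build_epg("db", bd, isolate=True, provides=["web-to-db"])]}}
    return {"fvTenant": {"attributes": {"name": tenant}, "children": [
        build_filter("allow-mysql", "tcp", 3306),
        build_contract("web-to-db", ["allow-mysql"]),
        app]}}


def policy_summary(tenant_payload):
    """Return (isolated EPG names, {contract: [(proto, port), ...]}) so the
    intent can be reviewed before anything is pushed to the fabric."""
    kids = tenant_payload["fvTenant"]["children"]
    filters = {}
    for k in kids:
        if "vzFilter" in k:
            f = k["vzFilter"]
            filters[f["attributes"]["name"]] = [
                (e["vzEntry"]["attributes"]["prot"],
                 int(e["vzEntry"]["attributes"]["dFromPort"]))
                for e in f["children"]]
    contracts = {}
    for k in kids:
        if "vzBrCP" in k:
            c = k["vzBrCP"]
            rules = []
            for s in c["children"]:
                for r in s["vzSubj"]["children"]:
                    rules += filters[r["vzRsSubjFiltAtt"]["attributes"]["tnVzFilterName"]]
            contracts[c["attributes"]["name"]] = rules
    isolated = [e["fvAEPg"]["attributes"]["name"]
                for k in kids if "fvAp" in k
                for e in k["fvAp"]["children"]
                if e["fvAEPg"]["attributes"]["pcEnfPref"] == "enforced"]
    return isolated, contracts


def push_to_apic(payload):
    """POST the tenant to the APIC, only when APIC_URL/APIC_USER/APIC_PASS are
    set.  Logs in via aaaLogin for a session cookie; TLS verification stays
    on (set APIC_CA_BUNDLE to the fabric CA rather than disabling it)."""
    url = os.environ.get("APIC_URL")
    if not url:
        return None
    import requests  # assumed installed; imported lazily so offline use needs nothing
    s = requests.Session()
    s.verify = os.environ.get("APIC_CA_BUNDLE", True)
    login = {"aaaUser": {"attributes": {"name": os.environ["APIC_USER"],
                                        "pwd": os.environ["APIC_PASS"]}}}
    s.post(f"{url}/api/aaaLogin.json", json=login).raise_for_status()
    r = s.post(f"{url}/api/mo/uni.json", json=payload)
    r.raise_for_status()
    return r.json()


if __name__ == "__main__":
    tenant = build_tenant()
    print(json.dumps(tenant, indent=2))
    print(policy_summary(tenant))
    push_to_apic(tenant)
```

Running it offline prints the payload and the summary `(['db'], {'web-to-db': [('tcp', 3306)]})`; everything the fabric will enforce is visible there as EPG membership, protocol and port, with no IP addresses anywhere in the policy.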