Buy or Renew
Buy or Renew
cancel
Turn on suggestions
Auto-suggest helps you quickly narrow down your search results by suggesting possible matches as you type.
Showing results for 
Search instead for 
Did you mean: 
cancel
Start a conversation
4936
Views
10
Helpful
2
Replies

ACI Standard Contract vs Taboo

Go to solution
Wessam-88
Level 1
Level 1

‎09-15-2019 03:49 PM

Hi, 

 

Can someone clear me the below questions regarding Standard contracts and Taboo contracts :

 

1) As i get tell now that when i create a standard contract filters, i can choose actions at subject for filters (deny or permit)

Based on this i can deny a few type of traffic , then allow the rest (permit any any)

*So why i would need  to use Taboo contract?

 

2) Do i have to apply Taboo contract to two EPGs or just one, and how it work?

 

Thanks,

Labels:
0 Helpful
1 Accepted Solution

Accepted Solutions

Go to solution
RedNectar
VIP
VIP

‎09-15-2019 04:26 PM

Hi @Wessam-88 ,

Here is my advice.

Forget Taboo conracts exist, and never use them.  Also avoid using deny filters if possible.

Taboo filters don't work "between" EPGs, but are applied to an etire EPG.

So if you wnated to prevent an EPG from ever using cleartext communications, you could apply a taboo contract with filters for port 80 and 23 say.

But don't do that. Do it right the first time.

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.

View solution in original post

2 Replies 2

Go to solution
Wessam-88
Level 1
Level 1

‎09-15-2019 03:55 PM

Hi @RedNectar , Thanks for help

0 Helpful

Go to solution
RedNectar
VIP
VIP

‎09-15-2019 04:26 PM

Hi @Wessam-88 ,

Here is my advice.

Forget Taboo conracts exist, and never use them.  Also avoid using deny filters if possible.

Taboo filters don't work "between" EPGs, but are applied to an etire EPG.

So if you wnated to prevent an EPG from ever using cleartext communications, you could apply a taboo contract with filters for port 80 and 23 say.

But don't do that. Do it right the first time.

I hope this helps

 


Don't forget to mark answers as correct if it solves your problem. This helps others find the correct answer if they search for the same problem

RedNectar aka Chris Welsh.
Forum Tips: 1. Paste images inline - don't attach. 2. Always mark helpful and correct answers, it helps others find what they need.
Customers Also Viewed These Support Documents

Review Cisco Networking for a $25 gift card

Save 25% on Day-2 Operations Add-On License