Is there something similar to device hardening best practices for ACI? This is what I am referring to for NX-OS - https://www.cisco.com/c/en/us/about/security-center/securing-nx-os.html Looking for some best practices on securing the ACI infrastr...
Forum Posts
We have a problem in ACI, I want to connect 2 Firewall because this firewall has internet but when I connect 1 interent its working good, whe I try to connect the second Internet its not working, so In the ACI we have diferrent Bridge Domain and Diff...
Resolved! multi-pod vs stretched fabric
Could someone please shed the light on whether we could have identical vlans and subnets on both sides of a multipod or stetch fabric ACI deployment? Thanks... _ Greg....
If you want your firewall to inspect traffic flowing through it but also receive traffic directed at it, what would be the preferred deployment choice. Could i use PBR and also receive traffic destined to the Firewall? Thanks
Please can someone point to resource group or attribute that can be used to export contracts in ACI for inter-vrf communication
Hello Community,can we add VM APICs (active or standby) to existing HW APIC bundle APIC-CLUSTER-M3 (with 3x HW servers) for higher redundancy?Based on my $search_engine-fu, I presume this is not possible, but checking to be sure.Thanks in advance for...
Hello everyone,I'm trying to comprehend the distinction between the two types of Route Profile configurations within the L3 configuration of a Bridge Domain. I came across some information, but it's still not entirely clear to me. If anyone could pro...
Hello guys Pls the Below inquiries In the BD SettingsL2 Unknown unicast = Flood ===?What This For ARP Flooding = True ==it means we flood inside the BD for a Particular MAC Address Instead of Spine Proxy where do we need this 8021P? which devi...
Hi All,I'm currently implementing ACI Multipod for two data centres. There will be one L3out in each pod that provide connectivity to all external networks (0.0.0.0/0).We want to the ability to configure some Bridge Domains to use the L3out in Pod1 a...
Resolved! ACI Contract Time Based
I cannot find this answer anywhere nor can I figure a way to deploy it, but is there way to create a contract that uses the current day and/or time as a parameter. I am looking for something like the time ranges for ACLs.Thanks,Brett
We use RSA SecureID for MFA and TACACS for the majority of our device administration including ACI. I am trying to work with postman for some automation and was going to create a specific internal user within ISE for authentication (internal credent...
Hi ExpertsI need ur help, please.Problem description===================I have a HPE Proliant server dl380 Gen 10 with an adapter: Broadcom P210tep NetXtreme-E Dual-port 10GBASE-T Ethernet PCIe Adapter - NICThe below adapter is partitioned with NPAR( ...
Hello All, at customer, someone called vPC policy on 100s of EPG, I want to remove it via cli any way? Many thanks & Regards,
We are running ACI 5.2(6e). The Object Store on ACI leaf/spine switches can be accessed via HTTP and HTTPS by default. The Object Store is protected via login form, but we need to disable access completely i.e. stop the switches from listening on HTT...
Hi, In a multipod setup, the inband addresses will be from same subnet or differnet subnets for POD1 and POD2. There is just one inband EPG/BD. would it make sense to have two subnets in that BD? thanks Nadeem
