Hi @titusroz03 ,

The ACI Simulator cannot harm the fabric - be assured you can import your tenant config to the Simulator without changing anything onthe production fabric.

Sorry I took so long to answer.

@RedNectar No problem on the late reply, anyways your answers are always worthy to wait. To understand your reply, I shouldn't do any changes on the production fabric, but out of curiosity can I ask what will happen If I do and import...?

We have two tenants - Prod and Pre-prod and simulator is in running in a BD in Pre-prod Tenant.

And another question is I want to test the inter-tenant route leak by creating BDs and EPGs in network centric model..? Can I experiment it in Simulator before testing this import config test...?

Hi @titusroz03 ,

---

No problem on the late reply, anyways your answers are always worthy to wait.

Thanks.

To understand your reply, I shouldn't do any changes on the production fabric,

Correct

but out of curiosity can I ask what will happen If I do and import...?

Well, if you make changes on the production tenant and import them to the Simulator, then the changes you made will be reflected in the Simulator.

If you make changes in theSimulator and import them to the production tenant, then the changes you made will be reflected in the production tenant.

We have two tenants - Prod and Pre-prod and simulator is in running in a BD in Pre-prod Tenant.

Don't worry about where the simulator is running, That is irelevant

And another question is I want to test the inter-tenant route leak by creating BDs and EPGs in network centric model..? Can I experiment it in Simulator before testing this import config test...?

You can do the configuration in the simulator, but you won't see any route leaking, so you won't really know if it is correct. To see the route leaking you need physical switches.

@RedNectar Thanks for your reply, I am going to make these following steps, i.e exporting the Json file for Prod tenant, remediating the scope and importing it to simulator and observe. My question from the beginning is in this scenario will it impact the original fabric since simulator is running in a VM in fabric but in different tenant.

Hi @titusroz03 ,

Relax. The simulator can't touch your production tenant!

Hi @titusroz03 ,

When you rum POSTMAN, the first thing you (or your script) is going to have to do is log into the APIC (via the API). All subsequent POSTs will then be sent to the APIC, never directly to any leaf or spine switch. So in short, you can't bypass the APIC using this method.

Although I've never done it, if you crafted your scripts to log into a particular leaf rather than the APIC, then you could potentially make changes to a leaf, but you'd have to know what you are doing and wouldn't happen by accident, and most likely the payload of the POSTs would be different to what would be sent to the APIC

So, if you want to be absolutely sure, check which device your POSTMAN script logs into before running it. If it is an APIC, you are good to go. 

Relax 

@RedNectar Yes, it is APIC. We tested to run a HTML based web script in APIC Simulator and we are able to make the Scope definition changes as expected.But not sure in the production environment if this will work as expected, because in Simulator we don't have the misconfiguration locked in subnets but in production we have..

@RedNectar I just now read again your post, I can understand that targetting the particular Leaf were the EPG is deployed will work instead of APIC..? But unfortunately I can't test this APIC Simulator, and I want my script to be crafted accordingly. Could you help me with a sample script for this..?